CVE-2018-18439

Name of the Vulnerable Software and Affected Versions DENX U-Boot versions through 2018.09-rc1

Description The issue is a buffer overflow that can be exploited remotely through a malicious TFTP server due to mishandled TFTP traffic. Additionally, local exploitation is possible via a crafted kernel image.

Recommendations For DENX U-Boot versions through 2018.09-rc1, as a temporary workaround, consider restricting access to TFTP servers and avoiding the use of crafted kernel images until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.