PT-2020-6805 · Unknown+2 · Das U-Boot+2

Published

2020-01-17

Updated

2021-07-21

CVE-2020-8432

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Das U-Boot versions through 2020.01

Description A double free issue has been found in the do rename gpt parts() function, located in cmd/gpt.c. This issue may result in a write-what-where condition, allowing an attacker to execute arbitrary code. The vulnerability was introduced while attempting to fix a memory leak identified by static analysis.

Recommendations For Das U-Boot versions through 2020.01, as a temporary workaround, consider disabling the do rename gpt parts() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-415

Related Identifiers

ALT-PU-2020-1720

ALT-PU-2020-2520

BDU:2022-07031

CVE-2020-8432

OPENSUSE-SU-2020:1869-1

OPENSUSE-SU-2020:1930-1

OPENSUSE-SU-2020_1869-1

OPENSUSE-SU-2020_1930-1

SUSE-SU-2020:3161-1

SUSE-SU-2020:3255-1

SUSE-SU-2020:3256-1

SUSE-SU-2020:3282-1

SUSE-SU-2020:3283-1

Affected Products

Alt Linux

Das U-Boot

Suse

PT-2020-6805 · Unknown+2 · Das U-Boot+2

CVE-2020-8432

Weakness Enumeration

Related Identifiers

Affected Products

References · 77