Memory Corruption Vulnerability in Das U-Boot by Denx
CVE-2019-13104

7.8HIGH

Key Information:

Vendor

Denx

Status
U-boot
Vendor
CVE Published:
6 August 2019

What is CVE-2019-13104?

In specific versions of Das U-Boot, an underflow vulnerability may allow a crafted ext4 filesystem to overwrite significant portions of memory, including the entire stack, during the execution of the memcpy() function. This can lead to unforeseen behavior and potential exploitation, notably affecting the integrity and stability of systems utilizing affected versions.

References

https://github.com/u-boot/u-boot/commits/master
x_refsource_MISC
https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
x_refsource_MISC
https://gist.github.com/deephooloovoo/d91b81a1674b4750e66...
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.