Описание
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2020.10+dfsg-1ubuntu0~18.04.2 |
| devel | not-affected | 2020.04+dfsg-2ubuntu1 |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 2020.10+dfsg-1ubuntu0~18.04.2 |
| esm-infra/focal | released | 2021.01+dfsg-3ubuntu0~20.04.3 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2021.01+dfsg-3ubuntu0~20.04.3 |
| groovy | not-affected | 2020.04+dfsg-2ubuntu1 |
| hirsute | not-affected | 2020.04+dfsg-2ubuntu1 |
Показывать по
Ссылки на источники
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
In Das U-Boot through 2020.01, a double free has been found in the cmd ...
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
Уязвимость функции do_rename_gpt_parts() (cmd/gpt.c) загрузчика U-Boot встроенных операционных систем на базе Linux, позволяющая нарушителю выполнить произвольный код
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3