UbuntuUpdates.org

Package "u-boot"

Name: u-boot

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • A boot loader for qemu
  • companion tools for Das U-Boot bootloader
Latest version: 2022.01+dfsg-2ubuntu2.7
Release: jammy (22.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "u-boot" in Jammy

Repository Area Version
base main 2022.01+dfsg-2ubuntu2
updates main 2022.01+dfsg-2ubuntu2.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2022.01+dfsg-2ubuntu2.7 2026-02-23 15:07:47 UTC

  u-boot (2022.01+dfsg-2ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in sqfs_inode_size
    - debian/patches/CVE-2024-57254.patch: check for overflow in
      fs/squashfs/sqfs_inode.c.
    - CVE-2024-57254
  * SECURITY UPDATE: Integer overflow in sqfs_resolve_symlink
    - debian/patches/CVE-2024-57255.patch: check for overflow in
      fs/squashfs/sqfs.c.
    - CVE-2024-57255
  * SECURITY UPDATE: Integer overflow in ext4fs_read_symlink
    - debian/patches/CVE-2024-57256.patch: check for overflow in
      fs/ext4/ext4_common.c.
    - CVE-2024-57256
  * SECURITY UPDATE: Stack consumption issue in sqfs_size
    - debian/patches/CVE-2024-57257.patch: limit nesting levels in
      fs/squashfs/sqfs.c.
    - CVE-2024-57257
  * SECURITY UPDATE: Integer overflows in memory allocation
    - debian/patches/CVE-2024-57258-1.patch: fix ptrdiff_t in
      arch/x86/include/asm/posix_types.h.
    - debian/patches/CVE-2024-57258-2.patch: fix overflow check in
      common/dlmalloc.c.
    - debian/patches/CVE-2024-57258-3.patch: make sure that the new break
      is within mem_malloc_start and mem_malloc_end before making progress
      in common/dlmalloc.c.
    - CVE-2024-57258
  * SECURITY UPDATE: Heap memory corruption in sqfs_search_dir
    - debian/patches/CVE-2024-57259.patch: fix off-by-one in
      fs/squashfs/sqfs.c.
    - CVE-2024-57259

 -- Marc Deslauriers <email address hidden> Wed, 11 Feb 2026 13:08:14 -0500
Source diff to previous version
CVE-2024-57254 An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
CVE-2024-57255 An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xfffffff
CVE-2024-57256 An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 fil
CVE-2024-57257 A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
CVE-2024-57258 Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or becaus
CVE-2024-57259 sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing bec

Version: 2022.01+dfsg-2ubuntu2.3 2022-12-06 14:07:57 UTC

  u-boot (2022.01+dfsg-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: unchecked length field in DFU implementation
    - debian/patches/CVE-2022-2347-pre1.patch: handle short frame result of
      UPLOAD in state_dfu_idle in drivers/usb/gadget/f_dfu.c.
    - debian/patches/CVE-2022-2347.patch: fix the unchecked length field in
      drivers/usb/gadget/f_dfu.c.
    - CVE-2022-2347
  * SECURITY UPDATE: buffer overflow via invalid packets
    - debian/patches/CVE-2022-30552_30790.patch: check for the minimum IP
      fragmented datagram size in include/net.h, net/net.c.
    - CVE-2022-30552
    - CVE-2022-30790
  * SECURITY UPDATE: incomplete fix for CVE-2019-14196
    - debian/patches/CVE-2022-30767.patch: switch length to unsigned int in
      net/nfs.c.
    - CVE-2022-30767
  * SECURITY UPDATE: out of bounds write via sqfs_readdir()
    - debian/patches/CVE-2022-33103.patch: prevent arbitrary code execution
      in fs/squashfs/sqfs.c, include/fs.h.
    - CVE-2022-33103
  * SECURITY UPDATE: heap buffer overflow in metadata reading
    - debian/patches/CVE-2022-33967.patch: use kcalloc when relevant in
      fs/squashfs/sqfs.c.
    - CVE-2022-33967
  * SECURITY UPDATE: stack overflow in i2c md command
    - debian/patches/CVE-2022-34835.patch: switch to unsigned int in
      cmd/i2c.c.
    - CVE-2022-34835

 -- Marc Deslauriers <email address hidden> Thu, 24 Nov 2022 14:40:06 -0500
CVE-2022-2347 There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corrupti


About   -   Send Feedback to @ubuntu_updates