-------------------------------------------------------------------------
Debian LTS Advisory DLA-4150-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Daniel Leidert
May 01, 2025 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : u-boot
Version : 2021.01+dfsg-5+deb11u1
CVE ID : CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767
CVE-2022-30790 CVE-2022-33103 CVE-2022-33967 CVE-2022-34835
CVE-2024-57254 CVE-2024-57255 CVE-2024-57256 CVE-2024-57257
CVE-2024-57258 CVE-2024-57259
Debian Bug : 1014470 1014471 1014528 1014529 1014959 1098254
Multiple vulnerabilties were discovered in u-boot, a boot loader for
embedded systems.
CVE-2022-2347
An unchecked length field leading to a heap overflow.
CVE-2022-30552 and CVE-2022-30790
Buffer Overflow.
CVE-2022-30767 (CVE-2019-14196)
Unbounded memcpy with a failed length check, leading to a buffer
overflow. This issue exists due to an incorrect fix for CVE-2019-
14196.
CVE-2022-33103
Out-of-bounds write.
CVE-2022-33967
Heap-based buffer overflow vulnerability which may lead to a denial-
of-service (DoS).
CVE-2022-34835
Integer signedness error and resultant stack-based buffer overflow.
CVE-2024-57254
Integer overflow.
CVE-2024-57255
Integer overflow.
CVE-2024-57256
Integer overflow.
CVE-2024-57257
Stack consumption issue.
CVE-2024-57258
Multiple integer overflows.
CVE-2024-57259
Off-by-one error resulting in heap memory corruption.
For Debian 11 bullseye, these problems have been fixed in version
2021.01+dfsg-5+deb11u1.
We recommend that you upgrade your u-boot packages.
For the detailed security status of u-boot please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/u-boot
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part