CVE-2019-13105 — Double Free in U-boot

Severity

7.8HIGHNVD

EPSS

0.3%

top 50.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 6

Latest updateMay 24

Description

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶debiandebian/u-boot< u-boot 2020.01+dfsg-1 (bookworm)

▶Debiandenx/u-boot< 2020.01+dfsg-1+3

▶NVDdenx/u-boot2019.07

GHSA

GHSA-mh5f-m889-7rw3: Das U-Boot versions 2019↗2022-05-24

▶

OSV

CVE-2019-13105: Das U-Boot versions 2019↗2019-08-06

▶

Debian

CVE-2019-13105: u-boot - Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached blo...↗2019

▶