Pengutronix Barebox vulnerabilities

CVE-2026-33243 [HIGH] CWE-345 CVE-2026-33243: barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corr barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding backport to 2025.09.3), an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a signed configuration. mkimage(1) sets the hashed-node

CVE-2024-57258 [HIGH] CWE-190 CVE-2024-57258: Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.

CVE-2024-57256 [MEDIUM] CWE-190 CVE-2024-57256: An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (addin An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

CVE-2021-37848 [HIGH] CWE-203 CVE-2021-37848: common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison.

CVE-2021-37847 [HIGH] CVE-2021-37847: crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.

CVE-2020-13910 [CRITICAL] CWE-125 CVE-2020-13910: Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c beca Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.

CVE-2019-15938 [CRITICAL] CWE-787 CVE-2019-15938: Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c b Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy.

CVE-2019-15937 [CRITICAL] CWE-787 CVE-2019-15937: Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs. Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy.