
Debian 11: DLA-4150-1 critical: u-boot buffer overflow and DoS

May 1, 2025
Essential u-boot security patch for Debian LTS to mitigate various vulnerabilities impacting embedded devices.

Summary

Multiple vulnerabilities were discovered in u-boot, a boot loader for
embedded systems.

CVE-2022-2347

An unchecked length field leading to a heap overflow.

CVE-2022-30552 and CVE-2022-30790

Buffer Overflow.

CVE-2022-30767 (CVE-2019-14196)

Unbounded memcpy with a failed length check, leading to a buffer
overflow. This issue exists due to an incorrect fix for
CVE-2019-14196.

CVE-2022-33103

Out-of-bounds write.

CVE-2022-33967

Heap-based buffer overflow vulnerability which may lead to a
denial-of-service (DoS).

CVE-2022-34835

Integer signedness error and resultant stack-based buffer overflow.

CVE-2024-57254

Integer overflow.

CVE-2024-57255

Integer overflow.

CVE-2024-57256

Integer overflow.

CVE-2024-57257

Stack consumption issue.

CVE-2024-57258

Multiple integer overflows.

CVE-2024-57259

Off-by-one error resulting in heap memory corruption.


For Debian 11 bullseye, these problems have been fixed in version
2021.01+dfsg-5+deb11u1.



Severity: critical

Package: u-boot
Version: 2021.01+dfsg-5+deb11u1
CVE ID: CVE-2019-14196 CVE-2022-2347 CVE-2022-30552 CVE-2022-30767
Debian Bug: 1014470 1014471 1014528 1014529 1014959 1098254
