Aqua Vulnerability Database
Get Demo
Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities
CVE-2021-27138
Published:
Feb 17, 2021
| Modified:
Feb 24, 2021
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVD
https://nvd.nist.gov/vuln/detail/CVE-2021-27138
CWE
https://cwe.mitre.org/data/definitions/.html
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
Affected Software
Name
Vendor
Start Version
End Version
U-boot
Denx
*
2021.01
U-boot
Denx
2021.04
2021.04
References
https://github.com/u-boot/u-boot/commit/3f04db891a353f4b127ed57279279f851c6b4917
https://github.com/u-boot/u-boot/commit/79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
https://github.com/u-boot/u-boot/commit/b6f4c757959f8850e1299a77c8e5713da78e8ec0
Aqua Container Security