Double Free Affecting u-boot package, versions <2020.10+dfsg-1ubuntu0~18.04.2


Severity

Recommended
low

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.73% (81st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Double Free vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UBUNTU1804-UBOOT-557069
  • published29 Jan 2020
  • disclosed29 Jan 2020

Introduced: 29 Jan 2020

CVE-2020-8432  (opens in a new tab)
CWE-415  (opens in a new tab)

How to fix?

Upgrade Ubuntu:18.04 u-boot to version 2020.10+dfsg-1ubuntu0~18.04.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream u-boot package and not the u-boot package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.

CVSS Scores

version 3.1