Double Free in DENX U-Boot

Published: 2019-08-06 | Updated: 2022-12-20

Risk	Critical
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-13105
CWE-ID	CWE-415
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	U-Boot Client/Desktop applications / Other client software
Vendor	DENX

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Double Free

EUVDB-ID: #VU19988

Risk: Critical

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: CVE-2019-13105

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the double free error in the "ext_cache_ini" when listing files in a crafted ext4 filesystem. A remote attacker can trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

U-Boot: 2019.07 rc1 - 2019.07 rc4

CPE2.3

External links

https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
https://github.com/u-boot/u-boot/commits/master
https://lists.denx.de/pipermail/u-boot/2019-July/375513.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.