CVE-2019-11059

Published: 10 May 2019

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
u-boot
Launchpad, Ubuntu, Debian
Upstream
Released (2019.01+dfsg-6)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2020.04+dfsg-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2019.07+dfsg-1ubuntu6)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2019.07+dfsg-1ubuntu4~18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://gitlab.denx.de/u-boot/u-boot/commit/febbc583319b567fe3d83e521cc2ace9be8d1501