Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

u-boot — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in u-boot, with AI-generated Chinese analysis, references, and POCs.

This page catalogs security weaknesses within U-Boot, an open-source bootloader used across numerous embedded systems and hardware platforms. It aggregates known vulnerabilities affecting the U-Boot firmware, providing a centralized resource for tracking security issues specific to this foundational software component. The collection focuses on vulnerabilities discovered, reported, or patched within the U-Boot ecosystem, covering a comprehensive historical timeline from early public disclosures to recent updates. This scope ensures that users can access data regarding both legacy and current security concerns relevant to the bootloader’s various versions and configurations. Here, you can discover critical insights into how the U-Boot development team and the broader community respond to security threats. By reviewing these entries, you can track vendor advisories related to specific U-Boot releases, understand the nature and severity of distinct weakness classes such as memory corruption or authentication bypasses, and examine the full vulnerability history of specific product implementations that rely on this bootloader. This information supports better risk assessment and maintenance strategies for systems utilizing U-Boot.

Vendor: Das

CVE IDTitleCVSSSeverityPublished
CVE-2026-29009 U-Boot 2026.04-rc3 Buffer Overflow in nfs_readlink_reply() via NFS READLINK CWE-120 8.2 High2026-07-08
CVE-2026-29008 U-Boot 2026.04-rc3 Integer Underflow DoS via tcp_rx_state_machine() CWE-191 7.5 High2026-07-08
CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c CWE-125 5.3 Medium2026-07-08
CVE-2026-46728 DENX Software Engineering Das U-Boot 访问控制错误漏洞 CWE-346 8.2 High2026-05-16
CVE-2024-57254 DENX Software Engineering Das U-Boot 安全漏洞 CWE-190 7.1 High2025-02-18
CVE-2024-57256 DENX Software Engineering Das U-Boot 安全漏洞 CWE-190 7.1 High2025-02-18
CVE-2024-57255 DENX Software Engineering Das U-Boot 安全漏洞 CWE-190 7.1 High2025-02-18
CVE-2024-57258 DENX Software Engineering Das U-Boot 安全漏洞 CWE-190 7.1 High2025-02-18
CVE-2024-57257 DENX Software Engineering Das U-Boot 安全漏洞 CWE-674 2.0 Low2025-02-18
CVE-2024-57259 DENX Software Engineering Das U-Boot 安全漏洞 CWE-193 7.1 High2025-02-18
CVE-2022-33967 DENX U-Boot 缓冲区错误漏洞 7.8 -2022-07-20
CVE-2017-3225 Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector that may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data CWE-329 3.9 -2018-07-24
CVE-2017-3226 Das U-Boot's AES-CBC encryption feature improperly handles an error condition and may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data CWE-329 6.4 -2018-07-24

All 13 known CVE vulnerabilities affecting u-boot with full Chinese analysis, references, and POCs where available.