In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. References: https://www.mail-archive.com/u-boot@lists.denx.de/msg354060.html https://www.mail-archive.com/u-boot@lists.denx.de/msg354114.html
Created uboot-tools tracking bugs for this issue: Affects: epel-6 [bug 1838808] Affects: fedora-all [bug 1838807]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.