Bug 1144681 - (CVE-2019-13105) VUL-1: CVE-2019-13105: u-boot: double-free a cached block of data when listing files in a crafted ext4 filesystem
(CVE-2019-13105)
VUL-1: CVE-2019-13105: u-boot: double-free a cached block of data when listin...
Status: RESOLVED UPSTREAM
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P5 - None : Minor (vote)
: ---
Assigned To: Matthias Brugger
Security Team bot
https://smash.suse.de/issue/239126/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-08-07 12:40 UTC by Alexandros Toptsoglou
Modified: 2019-08-12 13:13 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexandros Toptsoglou 2019-08-07 12:40:09 UTC
CVE-2019-13105

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached
block of data when listing files in a crafted ext4 filesystem.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13105
https://github.com/u-boot/u-boot/commits/master
https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
https://gist.github.com/deephooloovoo/d91b81a1674b4750e662dfae93804d75
Comment 1 Alexandros Toptsoglou 2019-08-07 12:42:16 UTC
affects only version 2019.07. Tw ships 2019.04. The fix can be found at [1]. 
Closing as resolved --> upstream