CVE-2024-42040

NameCVE-2024-42040
DescriptionBuffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4642-1
Debian Bugs1081557

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
u-boot (PTS)bullseye2021.01+dfsg-5vulnerable
bullseye (security)2021.01+dfsg-5+deb11u3fixed
bookworm2023.01+dfsg-2+deb12u2vulnerable
bookworm (security)2023.01+dfsg-2+deb12u3fixed
trixie2025.01-3vulnerable
forky, sid2025.01-3.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
u-bootsourcebullseye2021.01+dfsg-5+deb11u3DLA-4642-1
u-bootsourcebookworm2023.01+dfsg-2+deb12u3DLA-4642-1
u-bootsource(unstable)2025.01-3.21081557

Notes

[trixie] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
Fixed by: https://github.com/u-boot/u-boot/commit/81e5708cc2c865df606e49aed5415adb2a662171 (v2026.01-rc1)
Search for package or bug name: Reporting problems