Vulnerability Description
Buffer Overflow vulnerability in net/bootp.c in DENX U-Boot, from its initial commit in 2002 (3861aa5) up to today on any platform, allows an attacker on the local network, via crafted DHCP responses, to leak between four and 32 bytes of memory stored behind the packet buffer to the network, depending on how the DHCP-provided parameters are later used.
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Denx | U-Boot | <= 2025.10 |
Related Weaknesses (CWE)
References
- https://github.com/u-boot/u-boot/tags (Release Notes)
- https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt (Mitigation, Third Party Advisory)
- http://seclists.org/fulldisclosure/2024/Aug/38 (Mailing List, Mitigation, Third Party Advisory)
FAQ
What is CVE-2024-42040?
CVE-2024-42040 is a vulnerability with a CVSS score of 8.1 (HIGH). Buffer Overflow vulnerability in net/bootp.c in DENX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four ...
How severe is CVE-2024-42040?
CVE-2024-42040 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2024-42040?
Check the references section above for vendor advisories and patch information. Affected products include: Denx U-Boot.