vulnerability
Ubuntu: (CVE-2024-42040): u-boot vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:A/AC:L/Au:N/C:C/I:N/A:C) | Aug 23, 2024 | Jun 26, 2025 | Mar 27, 2026 |
Severity
8
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:C)
Published
Aug 23, 2024
Added
Jun 26, 2025
Modified
Mar 27, 2026
Description
Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
Solution
no-fix-ubuntu-package
References
- CVE-2024-42040
- https://attackerkb.com/topics/CVE-2024-42040
- CWE-120
- EUVD-EUVD-2024-39870
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-39870
- https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
- https://www.cve.org/CVERecord?id=CVE-2024-42040
- https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.