CVE-2021-27097

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-27097

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27097.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27097

Downstream

ALPINE-CVE-2021-27097

DEBIAN-CVE-2021-27097

DLA-4320-1

OESA-2021-1130

UBUNTU-CVE-2021-27097

Published

2021-02-17T23:15:13.653Z

Modified

2025-11-20T11:38:25.803325Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.

References

Affected packages

Git / github.com/u-boot/u-boot

Affected ranges

Type: GIT
Repo: https://github.com/u-boot/u-boot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01

Fixed

8a7d4cf9820ea16fabd25a6379351b4dc291204b

Fixed

b6f4c757959f8850e1299a77c8e5713da78e8ec0

Affected versions

Other

DENX-2005-10-29-2350

LABEL_2002_11_05_0120

LABEL_2002_11_05_1735

LABEL_2002_11_10_2310

LABEL_2002_11_11_2211

LABEL_2002_11_18_0115

LABEL_2002_11_22_0015

LABEL_2002_12_03_2230

LABEL_2002_12_07_0120

LABEL_2002_12_21_0040

LABEL_2002_12_28_1700

LABEL_2003_01_11_1050

LABEL_2003_01_14_0055

LABEL_2003_02_28_0150

LABEL_2003_03_06_0050

LABEL_2003_03_06_0200

LABEL_2003_03_06_1440

LABEL_2003_03_06_2255

LABEL_2003_03_14_2150

LABEL_2003_03_25_1830

LABEL_2003_03_26_1300

LABEL_2003_03_27_1900

LABEL_2003_04_05_0300

LABEL_2003_04_15_1900

LABEL_2003_05_03_1700

LABEL_2003_05_12_2355

LABEL_2003_05_20_1630

LABEL_2003_05_20_2250

LABEL_2003_05_22_2230

LABEL_2003_05_23_0055

LABEL_2003_05_23_1450

LABEL_2003_05_30_1450

LABEL_2003_05_31_2115

LABEL_2003_06_04_0200

LABEL_2003_06_05_2140

LABEL_2003_06_16_0055

LABEL_2003_06_22_1530

LABEL_2003_06_26_2220

LABEL_2003_06_27_2340

LABEL_2003_06_29_0145

LABEL_2003_09_06_0055

LABEL_2003_09_12_0110

LABEL_2003_09_12_1745

LABEL_2003_09_13_2100

LABEL_2003_09_16_2310

LABEL_2003_09_18_2045

LABEL_2003_10_01_1830

LABEL_2003_10_06_2355

LABEL_2003_10_09_1515

LABEL_2003_10_09_2320

LABEL_2003_10_10_1200

LABEL_2003_10_14_2140

LABEL_2003_10_16_0200

LABEL_2003_10_20_0025

LABEL_2003_11_26_MKR

LABEL_2003_12_06_1550

LABEL_2004_01_21_2110

LABEL_2004_01_29_1030

LABEL_2004_02_11_2240

LABEL_2004_02_20_2310

LABEL_2004_02_24_0305

LABEL_2004_03_12_0130

LABEL_2004_03_14_2340

LABEL_2004_03_16_2330

LABEL_2004_03_25_1630

LABEL_2004_04_18_2135

LABEL_2004_04_23_2240

LABEL_2004_05_19_2335

LABEL_2004_05_29_1850

LABEL_2004_06_24_1800

LABEL_2004_07_01_1200

LABEL_2004_08_28_2355

LABEL_2004_08_29_0045

LABEL_2004_09_09_0000

LABEL_2004_10_12_0110

LABEL_2004_10_20_0020

LABEL_2004_11_17_2222

LABEL_2004_11_25_0035

LABEL_2004_12_18_2335

LABEL_2004_12_19_1100

LABEL_2004_12_19_2240

LABEL_2004_12_20_1220

LABEL_2005_01_31_2245

LABEL_2005_02_07_2045

LABEL_2005_02_08_1615

LABEL_2005_02_28_0050

LABEL_2005_03_06_0225

LABEL_2005_03_15_0125

LABEL_2005_04_05_1830

LABEL_2005_04_05_2345

LABEL_2005_04_14_0115

LABEL_2005_05_05_1920

LABEL_2005_05_09_1245

LABEL_2005_05_13_0050

LABEL_2005_07_04_0202

LABEL_2005_08_12_0050

LABEL_2005_09_15_2320

LABEL_2006_03_12_0025

LABEL_2006_04_18_1106

LABEL_2006_05_10_1800

LABEL_2006_05_19_1133

LABEL_2006_06_30_2020

U-Boot-0_2_0

U-Boot-0_3_0

U-Boot-0_3_1

U-Boot-0_4_0

U-Boot-0_4_1

U-Boot-0_4_2

U-Boot-0_4_3

U-Boot-0_4_4

U-Boot-0_4_5

U-Boot-0_4_6

U-Boot-0_4_7

U-Boot-0_4_8

U-Boot-1_0_0

U-Boot-1_0_1

U-Boot-1_0_2

U-Boot-1_1_0

U-Boot-1_1_1

U-Boot-1_1_2

U-Boot-1_1_3

U-Boot-1_1_4

U-Boot-1_1_5

U-Boot-1_1_6

U-Boot-1_2_0

v1.*

v1.3.0

v1.3.0-rc1

v1.3.0-rc2

v1.3.0-rc3

v1.3.0-rc4

v1.3.1

v1.3.1-rc1

v1.3.2

v1.3.2-rc1

v1.3.2-rc2

v1.3.2-rc3

v1.3.3

v1.3.3-rc1

v1.3.3-rc2

v1.3.3-rc3

v1.3.4

v1.3.4-rc1

v1.3.4-rc2

v2008.*

v2008.10

v2008.10-rc1

v2008.10-rc2

v2008.10-rc3

v2009.*

v2009.01

v2009.01-rc1

v2009.01-rc2

v2009.01-rc3

v2009.03

v2009.03-rc1

v2009.03-rc2

v2009.06

v2009.06-rc1

v2009.06-rc2

v2009.06-rc3

v2009.08

v2009.08-rc1

v2009.08-rc2

v2009.08-rc3

v2009.11

v2009.11-rc1

v2009.11-rc2

v2010.*

v2010.03

v2010.03-rc1

v2010.03-rc2

v2010.03-rc3

v2010.06

v2010.06-rc1

v2010.06-rc2

v2010.06-rc3

v2010.09

v2010.09-rc1

v2010.09-rc2

v2010.12

v2010.12-rc1

v2010.12-rc2

v2010.12-rc3

v2011.*

v2011.03

v2011.03-rc1

v2011.03-rc2

v2011.06

v2011.06-rc1

v2011.06-rc2

v2011.06-rc3

v2011.09

v2011.09-rc1

v2011.09-rc2

v2011.12

v2011.12-rc1

v2011.12-rc2

v2011.12-rc3

v2012.*

v2012.04

v2012.04-rc1

v2012.04-rc2

v2012.04-rc3

v2012.04.01

v2012.07

v2012.07-rc1

v2012.07-rc2

v2012.07-rc3

v2012.10

v2012.10-rc1

v2012.10-rc2

v2012.10-rc3

v2013.*

v2013.01

v2013.01-rc1

v2013.01-rc2

v2013.01-rc3

v2013.04

v2013.04-rc1

v2013.04-rc2

v2013.04-rc3

v2013.07

v2013.07-rc1

v2013.07-rc2

v2013.07-rc3

v2013.10

v2013.10-rc1

v2013.10-rc2

v2013.10-rc3

v2013.10-rc4

v2014.*

v2014.01

v2014.01-rc1

v2014.01-rc2

v2014.01-rc3

v2014.04

v2014.04-rc1

v2014.04-rc2

v2014.04-rc3

v2014.07

v2014.07-rc1

v2014.07-rc2

v2014.07-rc3

v2014.07-rc4

v2014.10

v2014.10-rc1

v2014.10-rc2

v2014.10-rc3

v2015.*

v2015.01

v2015.01-rc1

v2015.01-rc2

v2015.01-rc3

v2015.01-rc4

v2015.04

v2015.04-rc1

v2015.04-rc2

v2015.04-rc3

v2015.04-rc4

v2015.04-rc5

v2015.07

v2015.07-rc1

v2015.07-rc2

v2015.07-rc3

v2015.10

v2015.10-rc1

v2015.10-rc2

v2015.10-rc3

v2015.10-rc4

v2015.10-rc5

v2016.*

v2016.01

v2016.01-rc1

v2016.01-rc2

v2016.01-rc3

v2016.01-rc4

v2016.03

v2016.03-rc1

v2016.03-rc2

v2016.03-rc3

v2016.05

v2016.05-rc1

v2016.05-rc2

v2016.05-rc3

v2016.07

v2016.07-rc1

v2016.07-rc2

v2016.07-rc3

v2016.09

v2016.09-rc1

v2016.09-rc2

v2016.11

v2016.11-rc1

v2016.11-rc2

v2016.11-rc3

v2017.*

v2017.01

v2017.01-rc1

v2017.01-rc2

v2017.01-rc3

v2017.03

v2017.03-rc1

v2017.03-rc2

v2017.03-rc3

v2017.05

v2017.05-rc1

v2017.05-rc2

v2017.05-rc3

v2017.07

v2017.07-rc1

v2017.07-rc2

v2017.07-rc3

v2017.09

v2017.09-rc1

v2017.09-rc2

v2017.09-rc3

v2017.09-rc4

v2017.11

v2017.11-rc1

v2017.11-rc2

v2017.11-rc3

v2017.11-rc4

v2018.*

v2018.01

v2018.01-rc1

v2018.01-rc2

v2018.01-rc3

v2018.03

v2018.03-rc1

v2018.03-rc2

v2018.03-rc3

v2018.03-rc4

v2018.05

v2018.05-rc1

v2018.05-rc2

v2018.05-rc3

v2018.07

v2018.07-rc1

v2018.07-rc2

v2018.07-rc3

v2018.09

v2018.09-rc1

v2018.09-rc2

v2018.09-rc3

v2018.11

v2018.11-rc1

v2018.11-rc2

v2018.11-rc3

v2019.*

v2019.01

v2019.01-rc1

v2019.01-rc2

v2019.01-rc3

v2019.04

v2019.04-rc1

v2019.04-rc2

v2019.04-rc3

v2019.04-rc4

v2019.07

v2019.07-rc1

v2019.07-rc2

v2019.07-rc3

v2019.07-rc4

v2019.10

v2019.10-rc1

v2019.10-rc2

v2019.10-rc3

v2019.10-rc4

v2020.*

v2020.01

v2020.01-rc1

v2020.01-rc2

v2020.01-rc3

v2020.01-rc4

v2020.01-rc5

v2020.04

v2020.04-rc1

v2020.04-rc2

v2020.04-rc3

v2020.04-rc4

v2020.04-rc5

v2020.07

v2020.07-rc1

v2020.07-rc2

v2020.07-rc3

v2020.07-rc4

v2020.07-rc5

v2020.10

v2020.10-rc1

v2020.10-rc2

v2020.10-rc3

v2020.10-rc4

v2020.10-rc5

v2021.*

v2021.01

v2021.01-rc1

v2021.01-rc2

v2021.01-rc3

v2021.01-rc4

v2021.01-rc5

v2021.04-rc1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2021-27097-0788cbba",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "131167673951113098808426803882902172172",
                "297642031306219908615520255713678809782",
                "13038855567295276379856237084832402341",
                "215052532392324428463764905164833473622",
                "174180830915547768706808818569342461272",
                "95750898512139293376167359105850453262",
                "277661360281428578522012236020384945835",
                "171438998963056465344946206450277690716",
                "95026624332702259831985095751899192650",
                "125029177911778340456701752955704858336",
                "230661370888417706017265946634266852780",
                "176848285700228865888710769027645112657",
                "208154641509916212661166130962351114133",
                "106279679589828881283325069327557310930",
                "207596728388394743886983235229208090854"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b",
        "target": {
            "file": "common/fdt_region.c"
        }
    },
    {
        "id": "CVE-2021-27097-16810ab5",
        "signature_version": "v1",
        "digest": {
            "function_hash": "328206252406538130281694790924571946016",
            "length": 645.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01",
        "target": {
            "file": "common/image-fit.c",
            "function": "fit_check_format"
        }
    },
    {
        "id": "CVE-2021-27097-498e9bf0",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "161395484950891869238591966796393850803",
                "321892507972849290423788447486456961000",
                "289588865331221651052607348083335618340"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/u-boot/u-boot/commit/6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01",
        "target": {
            "file": "common/image-fit.c"
        }
    }
]