CVE-2025-24857

Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-01

Affected packages

Git / github.com/u-boot/u-boot

Affected ranges

Type

GIT

Repo

https://github.com/u-boot/u-boot

Events

Introduced

Fixed

c253573f3e269fd9a24ee6684d87dd91106018a5

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2017.11"
        }
    ]
}

Affected versions

Other

LABEL_2002_11_05_0120

LABEL_2002_11_05_1735

LABEL_2002_11_10_2310

LABEL_2002_11_11_2211

LABEL_2002_11_18_0115

LABEL_2002_11_22_0015

LABEL_2002_12_03_2230

LABEL_2002_12_07_0120

LABEL_2002_12_21_0040

LABEL_2002_12_28_1700

LABEL_2003_01_11_1050

LABEL_2003_01_14_0055

LABEL_2003_02_28_0150

LABEL_2003_03_06_0050

LABEL_2003_03_06_0200

LABEL_2003_03_06_1440

LABEL_2003_03_06_2255

LABEL_2003_03_14_2150

LABEL_2003_03_25_1830

LABEL_2003_03_26_1300

LABEL_2003_03_27_1900

LABEL_2003_04_05_0300

LABEL_2003_04_15_1900

LABEL_2003_05_03_1700

LABEL_2003_05_12_2355

LABEL_2003_05_20_1630

LABEL_2003_05_20_2250

LABEL_2003_05_22_2230

LABEL_2003_05_23_0055

LABEL_2003_05_23_1450

LABEL_2003_05_30_1450

LABEL_2003_05_31_2115

LABEL_2003_06_04_0200

LABEL_2003_06_05_2140

LABEL_2003_06_16_0055

LABEL_2003_06_22_1530

LABEL_2003_06_26_2220

LABEL_2003_06_27_2340

LABEL_2003_06_29_0145

LABEL_2003_09_06_0055

LABEL_2003_09_12_0110

LABEL_2003_09_12_1745

LABEL_2003_09_13_2100

LABEL_2003_09_16_2310

LABEL_2003_09_18_2045

LABEL_2003_10_01_1830

LABEL_2003_10_06_2355

LABEL_2003_10_09_1515

LABEL_2003_10_09_2320

LABEL_2003_10_10_1200

LABEL_2003_10_14_2140

LABEL_2003_10_16_0200

LABEL_2003_10_20_0025

LABEL_2003_11_26_MKR

LABEL_2003_12_06_1550

LABEL_2004_01_21_2110

LABEL_2004_01_29_1030

LABEL_2004_02_11_2240

LABEL_2004_02_20_2310

LABEL_2004_02_24_0305

LABEL_2004_03_12_0130

LABEL_2004_03_14_2340

LABEL_2004_03_16_2330

LABEL_2004_03_25_1630

LABEL_2004_04_18_2135

LABEL_2004_04_23_2240

LABEL_2004_05_19_2335

LABEL_2004_05_29_1850

LABEL_2004_06_24_1800

LABEL_2004_07_01_1200

LABEL_2004_08_28_2355

LABEL_2004_08_29_0045

LABEL_2004_09_09_0000

LABEL_2004_10_12_0110

LABEL_2004_10_20_0020

LABEL_2004_11_17_2222

LABEL_2004_11_25_0035

LABEL_2004_12_18_2335

LABEL_2004_12_19_1100

LABEL_2004_12_19_2240

LABEL_2004_12_20_1220

LABEL_2005_01_31_2245

LABEL_2005_02_07_2045

LABEL_2005_02_08_1615

LABEL_2005_02_28_0050

LABEL_2005_03_06_0225

LABEL_2005_03_15_0125

LABEL_2005_04_05_1830

LABEL_2005_04_05_2345

LABEL_2005_04_14_0115

LABEL_2005_05_05_1920

LABEL_2005_05_09_1245

LABEL_2005_05_13_0050

LABEL_2005_07_04_0202

LABEL_2005_09_15_2320

LABEL_2006_04_18_1106

LABEL_2006_05_10_1800

LABEL_2006_05_19_1133

LABEL_2006_06_30_2020

U-Boot-0_2_0

U-Boot-0_3_0

U-Boot-0_3_1

U-Boot-0_4_0

U-Boot-0_4_1

U-Boot-0_4_2

U-Boot-0_4_3

U-Boot-0_4_4

U-Boot-0_4_5

U-Boot-0_4_6

U-Boot-0_4_7

U-Boot-0_4_8

U-Boot-1_0_0

U-Boot-1_0_1

U-Boot-1_0_2

U-Boot-1_1_0

U-Boot-1_1_1

U-Boot-1_1_2

U-Boot-1_1_3

U-Boot-1_1_4

U-Boot-1_1_6

U-Boot-1_2_0

v1.*

v1.3.1

v1.3.1-rc1

v1.3.2

v1.3.2-rc2

v1.3.2-rc3

v1.3.3

v1.3.3-rc1

v1.3.3-rc2

v1.3.3-rc3

v2008.*

v2008.10-rc2

v2009.*

v2009.01

v2009.01-rc1

v2009.01-rc2

v2009.01-rc3

v2009.03

v2009.03-rc1

v2009.03-rc2

v2009.06

v2009.06-rc1

v2009.06-rc2

v2009.06-rc3

v2009.08

v2009.08-rc1

v2009.08-rc2

v2009.08-rc3

v2009.11

v2009.11-rc1

v2009.11-rc2

v2010.*

v2010.03

v2010.03-rc1

v2010.03-rc2

v2010.03-rc3

v2010.06-rc1

v2010.06-rc2

v2010.09

v2010.09-rc1

v2010.12

v2010.12-rc1

v2010.12-rc2

v2010.12-rc3

v2011.*

v2011.03

v2011.03-rc1

v2011.03-rc2

v2011.06

v2011.06-rc1

v2011.06-rc2

v2011.06-rc3

v2011.09

v2011.09-rc1

v2011.09-rc2

v2011.12

v2011.12-rc1

v2011.12-rc2

v2011.12-rc3

v2012.*

v2012.04

v2012.04-rc1

v2012.04-rc2

v2012.04-rc3

v2012.04.01

v2012.07

v2012.07-rc1

v2012.07-rc2

v2012.07-rc3

v2012.10

v2012.10-rc1

v2012.10-rc2

v2012.10-rc3

v2013.*

v2013.01

v2013.01-rc1

v2013.01-rc2

v2013.01-rc3

v2013.04

v2013.04-rc1

v2013.04-rc2

v2013.04-rc3

v2013.07

v2013.07-rc1

v2013.07-rc2

v2013.07-rc3

v2013.10

v2013.10-rc1

v2013.10-rc2

v2013.10-rc3

v2013.10-rc4

v2014.*

v2014.01-rc1

v2014.04

v2014.07

v2014.07-rc1

v2014.07-rc2

v2014.07-rc3

v2014.07-rc4

v2014.10

v2014.10-rc1

v2014.10-rc2

v2014.10-rc3

v2015.*

v2015.01

v2015.01-rc1

v2015.01-rc2

v2015.01-rc3

v2015.01-rc4

v2015.04

v2015.04-rc1

v2015.04-rc2

v2015.04-rc3

v2015.04-rc4

v2015.04-rc5

v2015.07

v2015.07-rc1

v2015.07-rc2

v2015.07-rc3

v2015.10

v2015.10-rc1

v2015.10-rc2

v2015.10-rc3

v2015.10-rc4

v2015.10-rc5

v2016.*

v2016.01

v2016.01-rc1

v2016.01-rc2

v2016.01-rc3

v2016.01-rc4

v2016.03

v2016.03-rc1

v2016.03-rc2

v2016.03-rc3

v2016.05

v2016.05-rc1

v2016.05-rc2

v2016.05-rc3

v2016.07

v2016.07-rc1

v2016.07-rc2

v2016.07-rc3

v2016.09

v2016.09-rc1

v2016.09-rc2

v2016.11

v2016.11-rc1

v2016.11-rc2

v2016.11-rc3

v2017.*

v2017.01

v2017.01-rc1

v2017.01-rc2

v2017.01-rc3

v2017.03

v2017.03-rc1

v2017.03-rc2

v2017.03-rc3

v2017.05

v2017.05-rc1

v2017.05-rc2

v2017.05-rc3

v2017.07

v2017.07-rc1

v2017.07-rc2

v2017.07-rc3

v2017.09

v2017.09-rc1

v2017.09-rc2

v2017.09-rc3

v2017.09-rc4

v2017.11-rc1

v2017.11-rc2

v2017.11-rc3

v2017.11-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24857.json"