
Bug 717000 (CVE-2020-8432)

Summary: <dev-embedded/u-boot-tools-2020.04: double free vulnerability (CVE-2020-8432)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: embedded
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.mail-archive.com/u-boot@lists.denx.de/msg354060.html
See Also: https://github.com/gentoo/gentoo/pull/17699
https://github.com/gentoo/gentoo/pull/19533
Whiteboard: C2 [glsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-10 22:45:33 UTC
CVE-2020-8432 (https://nvd.nist.gov/vuln/detail/CVE-2020-8432):
  In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c
  do_rename_gpt_parts() function. Double freeing may result in a
  write-what-where condition, allowing an attacker to execute arbitrary code.
  NOTE: this vulnerability was introduced when attempting to fix a memory leak
  identified by static analysis.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-01-03 16:35:15 UTC
Alright, it looks like the commit that fixes this was made on 20200121: https://gitlab.denx.de/u-boot/u-boot/-/commit/5749faa3d6837d6dbaf2119fc3ec49a326690c8f

Can we stable newest u-boot-tools? CCing Slyfox since he's the author of this revision.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-06 01:04:47 UTC
amd64 done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-06 06:34:23 UTC
x86 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-06 06:37:07 UTC
arm done

all arches done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-01-06 06:38:48 UTC
Please cleanup, thanks!
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-23 01:42:07 UTC
GLSA request filed.