Known Vulnerabilities for products from Pengutronix
Listed below are 11 of the newest known vulnerabilities associated with the vendor "Pengutronix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34963 | barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c wh... | Not Provided | 2026-05-11 | 2026-05-13 |
| CVE-2026-34962 | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_commo... | Not Provided | 2026-05-11 | 2026-05-13 |
| CVE-2026-34961 | barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validati... | Not Provided | 2026-05-11 | 2026-05-13 |
| CVE-2026-34960 | barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcp_messag... | Not Provided | 2026-05-11 | 2026-05-16 |
| CVE-2026-34155 | RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format ex... | Not Provided | 2026-03-31 | 2026-04-03 |
| CVE-2021-37848 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash compa... | 7.5 - HIGH | 2021-08-02 | 2022-07-12 |
| CVE-2021-37847 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verifi... | 7.5 - HIGH | 2021-08-02 | 2021-09-21 |
| CVE-2020-25860 | The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability... | 6.6 - MEDIUM | 2020-12-21 | 2020-12-29 |
| CVE-2020-13910 | Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incomin... | 9.1 - CRITICAL | 2020-06-07 | 2020-06-10 |
| CVE-2019-15938 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is ... | 9.8 - CRITICAL | 2019-09-05 | 2020-08-24 |
| CVE-2019-15937 | Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field ... | 9.8 - CRITICAL | 2019-09-05 | 2020-08-24 |