{"id":"ALPINE-CVE-2021-27097","details":"The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.","modified":"2025-12-03T22:51:20.971468Z","published":"2021-02-17T23:15:13.653Z","upstream":["CVE-2021-27097"],"references":[{"type":"ADVISORY","url":"https://security.alpinelinux.org/vuln/CVE-2021-27097"}],"affected":[{"package":{"name":"u-boot","ecosystem":"Alpine:v3.14","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.15","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.16","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.17","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.18","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.19","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.20","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.21","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.22","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}},{"package":{"name":"u-boot","ecosystem":"Alpine:v3.23","purl":"pkg:apk/alpine/u-boot?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2021.04-r0"}]}],"versions":["2014.04-r0","2014.04-r1","2014.04-r2","2015.01-r0","2015.01-r1","2015.04-r0","2015.04-r1","2016.07-r0","2016.07-r1","2016.07-r2","2017.01-r0","2017.01-r1","2017.01-r2","2018.05-r0","2018.05-r1","2018.05-r2","2018.05-r3","2018.05-r4","2018.05-r5","2019.01-r0","2019.04-r0","2019.04-r1","2019.04-r2","2019.07-r0","2019.10-r0","2020.01-r0","2020.04-r0","2020.07-r0","2020.10-r0","2020.10-r1","2021.01-r0","2021.01-r2","2021.01-r3"],"ecosystem_specific":{},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-27097.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}