| Package | u-boot |
|---|---|
| Version | 2016.11+dfsg1-4+deb9u2 (stretch) |
| Related CVEs | CVE-2025-24857 |
It was found that improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.
For Debian 9 stretch, these problems have been fixed in version 2016.11+dfsg1-4+deb9u2.
We recommend that you upgrade your u-boot packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.