PatchSiren

PatchSiren cyber security CVE debrief

CVE-2019-14200 Siemens CVE debrief

CVE-2019-14200 is a critical stack-based buffer overflow in Das U-Boot's NFS reply helper rpc_lookup_reply, affecting versions through 2019.07. Because the vulnerable path is network reachable and requires no authentication or user interaction, affected bootloader deployments should treat it as urgent.

Vendor: Siemens
Product: RUGGEDCOM ROX MX5000
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2019-07-31
Original CVE updated: 2026-05-14
Advisory published: 2026-05-12
Advisory updated: 2026-05-14

Who should care

OEMs, firmware maintainers, and operators of systems that use U-Boot for network booting or NFS-based boot workflows, especially where the bootloader is exposed on trusted or semi-trusted networks.

Technical summary

NVD describes a stack-based buffer overflow in the nfs_handler reply helper function rpc_lookup_reply, with affected CPE coverage for denx:u-boot through 2019.07. In U-Boot's NFS client, rpc_lookup_reply processes the portmap lookup reply that tells the client which port the mount and NFS services listen on, so it runs on data received from the network early in every NFS boot, before any file is fetched. The published CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8), indicating a remotely reachable flaw with no privileges or user interaction required and high impact if triggered: the reply length is taken from the packet and copied into a fixed-size stack buffer, which is the CWE-787 out-of-bounds write pattern.
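The pattern the record describes, as an added example that is not U-Boot's code: a reduced model of the stack-resident reply buffer, the unchecked copy that constitutes the bug, and a hardened helper that bounds the length before copying and also rejects truncated replies. The buffer size (128 bytes), the struct and function names, and the sample packets are assumptions for illustration; the real struct rpc_t in U-Boot's net/nfs.h is larger and the real parser handles more states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example; the real struct rpc_t is larger. */
#define RPC_REPLY_BYTES 128

/* Model of the fixed-size, stack-allocated reply buffer the helper fills. */
struct rpc_reply_buf {
    union {
        uint8_t  data[RPC_REPLY_BYTES];
        uint32_t words[RPC_REPLY_BYTES / 4];
    } u;
};

/* Word offsets of the fields parsed from an ONC RPC reply to a portmap
 * GETPORT call: xid, msg_type, reply_stat, verifier flavor, verifier
 * length, accept_stat, then the returned port number. */
enum { W_XID, W_MSG_TYPE, W_REPLY_STAT, W_VERF_FLAVOR, W_VERF_LEN,
       W_ACCEPT_STAT, W_PORT, W_MIN_WORDS };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* The CWE-787 pattern: len comes straight from the wire and is never
 * compared against sizeof(buf.u.data) before the memcpy. A reply longer
 * than the buffer overwrites whatever sits above it on the stack. Shown
 * for contrast only; never call it with an untrusted length. */
static int rpc_lookup_reply_unchecked(const uint8_t *pkt, size_t len,
                                      uint32_t *port_out)
{
    struct rpc_reply_buf buf;

    memset(&buf, 0, sizeof(buf));
    memcpy(buf.u.data, pkt, len);                    /* unbounded copy */
    if (be32(&buf.u.data[W_REPLY_STAT * 4]) != 0 ||
        be32(&buf.u.data[W_ACCEPT_STAT * 4]) != 0)
        return -1;
    *port_out = be32(&buf.u.data[W_PORT * 4]);
    return 0;
}

/* Hardened form: bound the length before touching the buffer. Both limits
 * matter: an oversized reply must not be copied at all, and a truncated
 * one must not be parsed as if the missing fields were present. Returns 0
 * and the port on success, -1 for an oversized, short, or error reply. */
static int rpc_lookup_reply_checked(const uint8_t *pkt, size_t len,
                                    uint32_t *port_out)
{
    struct rpc_reply_buf buf;

    if (len > sizeof(buf.u.data) || len < W_MIN_WORDS * 4)
        return -1;
    memset(&buf, 0, sizeof(buf));
    memcpy(buf.u.data, pkt, len);
    if (be32(&buf.u.data[W_MSG_TYPE * 4]) != 1 ||    /* must be REPLY */
        be32(&buf.u.data[W_REPLY_STAT * 4]) != 0 ||  /* MSG_ACCEPTED */
        be32(&buf.u.data[W_ACCEPT_STAT * 4]) != 0)   /* SUCCESS */
        return -1;
    *port_out = be32(&buf.u.data[W_PORT * 4]);
    return 0;
}

/* 1 if a reply of this length overruns the buffer in the unchecked version. */
static int reply_overflows_buffer(size_t len)
{
    return len > RPC_REPLY_BYTES;
}

/* Constructed sample (not captured from a real server): a well-formed
 * GETPORT reply, xid 0x12345678, REPLY, accepted, success, port 2049. */
static const uint8_t sample_good_reply[W_MIN_WORDS * 4] = {
    0x12, 0x34, 0x56, 0x78,   /* xid */
    0x00, 0x00, 0x00, 0x01,   /* msg_type = REPLY */
    0x00, 0x00, 0x00, 0x00,   /* reply_stat = MSG_ACCEPTED */
    0x00, 0x00, 0x00, 0x00,   /* verifier flavor = AUTH_NONE */
    0x00, 0x00, 0x00, 0x00,   /* verifier length = 0 */
    0x00, 0x00, 0x00, 0x00,   /* accept_stat = SUCCESS */
    0x00, 0x00, 0x08, 0x01,   /* port = 2049 */
};

/* Constructed oversized reply: a valid header padded past the buffer size.
 * The checked parser must refuse it without copying. Returns 1 if it does. */
static int check_oversized_reply_rejected(void)
{
    uint8_t big[RPC_REPLY_BYTES + 64];
    uint32_t port = 0;

    memset(big, 0x41, sizeof(big));
    memcpy(big, sample_good_reply, sizeof(sample_good_reply));
    return rpc_lookup_reply_checked(big, sizeof(big), &port) == -1 && port == 0;
}

int main(void)
{
    uint32_t port = 0;

    rpc_lookup_reply_checked(sample_good_reply, sizeof(sample_good_reply), &port);
    printf("good reply -> port %u\n", port);
    printf("oversized reply rejected: %d\n", check_oversized_reply_rejected());
    printf("%zu-byte reply overflows unchecked buffer: %d\n",
           (size_t)RPC_REPLY_BYTES + 1, reply_overflows_buffer(RPC_REPLY_BYTES + 1));
    return 0;
}
```

The length check has to come before the copy, not after parsing: once the memcpy has run with an oversized length, the return address and saved registers of the caller may already be gone, and nothing the function does afterwards can undo that.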

Defensive priority

Urgent. This is a critical, remotely reachable memory corruption issue in a foundational boot component; exposure during network boot or NFS reply handling can put firmware integrity and availability at risk. One caveat shapes the mitigation: the flaw is in a reply handler, so the attacker must deliver a crafted RPC reply to the device while it is performing a network boot, either by controlling or impersonating the portmap/NFS server or by answering from the same segment. The exposure window is the boot phase, and the controlling factor is who can reach the device on the boot network at that moment.

Recommended defensive actions

  • Upgrade to a U-Boot release or vendor backport that removes the vulnerable rpc_lookup_reply/NFS reply handling flaw.
  • If you cannot patch immediately, disable or restrict NFS/network boot paths that rely on the affected U-Boot code (for example, rebuild without CONFIG_CMD_NFS and remove nfs from boot scripts and environment variables on boards that do not need it).
  • Limit access to boot services to trusted management networks and isolate them from general-purpose network segments.
  • Inventory downstream firmware, board support packages, and OEM images that embed U-Boot through 2019.07 and verify whether the fix was backported.
  • Watch for unexpected bootloader crashes or repeated boot failures on systems that use NFS-based booting.
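A first-pass check for the inventory step above, as an added example that is not U-Boot's own tooling: U-Boot images embed a banner of the form "U-Boot YYYY.MM..." (for example "U-Boot 2019.07 (Jul 08 2019 - ...)"), and this scans an image held in memory for that banner and reports whether the version is in the affected range. The function names and the sample images are assumptions for illustration; a vendor backport keeps the old banner, so a hit here means "verify with the vendor", not "confirmed vulnerable", and SPL builds carry the banner as "U-Boot SPL YYYY.MM", which this simple scan deliberately does not match.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Finds "U-Boot " followed by YYYY.MM anywhere in buf. Copies "YYYY.MM"
 * into out (at least 8 bytes) and returns 1, or returns 0 if absent. */
int find_uboot_version(const uint8_t *buf, size_t n, char out[8])
{
    static const char tag[] = "U-Boot ";
    const size_t taglen = sizeof(tag) - 1;
    size_t i;

    for (i = 0; i + taglen + 7 <= n; i++) {
        const uint8_t *p = buf + i + taglen;
        if (memcmp(buf + i, tag, taglen) != 0)
            continue;
        if (isdigit(p[0]) && isdigit(p[1]) && isdigit(p[2]) && isdigit(p[3]) &&
            p[4] == '.' && isdigit(p[5]) && isdigit(p[6])) {
            memcpy(out, p, 7);
            out[7] = '\0';
            return 1;
        }
    }
    return 0;
}

/* 1 if "YYYY.MM" sorts at or before the last affected release, 2019.07.
 * Both strings are fixed-width digits, so strcmp is a correct numeric
 * compare here. Release candidates such as "2019.07-rc2" are reported as
 * 2019.07 and therefore flagged, which is the conservative answer. */
int version_affected(const char *ver)
{
    return strcmp(ver, "2019.07") <= 0;
}

/* Combined check: 1 = affected version banner found, 0 = newer version
 * found, -1 = no banner found (not U-Boot, stripped, or compressed image,
 * which needs decompressing before scanning). */
int image_uboot_status(const uint8_t *buf, size_t n)
{
    char ver[8];

    if (!find_uboot_version(buf, n, ver))
        return -1;
    return version_affected(ver) ? 1 : 0;
}

/* Constructed sample "images": a few bytes around a banner, not real firmware. */
static const uint8_t img_old[] =
    "\x00\x01\xffU-Boot 2019.07-rc2 (Jun 25 2019 - 10:00:00 +0000)\x00";
static const uint8_t img_new[] =
    "\177ELF...U-Boot 2024.01 (Jan 08 2024 - 10:00:00 +0000)\x00";
static const uint8_t img_none[] = "no bootloader banner here\x00";

int main(void)
{
    printf("old image status: %d\n", image_uboot_status(img_old, sizeof(img_old)));
    printf("new image status: %d\n", image_uboot_status(img_new, sizeof(img_new)));
    printf("no banner status: %d\n", image_uboot_status(img_none, sizeof(img_none)));
    return 0;
}
```

To use it on real files, read each candidate image into memory and call image_uboot_status on the buffer; treat a 1 as a work item to resolve against the vendor's advisory and a -1 as "unpacked or non-U-Boot image, inspect by other means".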

Evidence notes

The supplied NVD record states that Das U-Boot through 2019.07 is affected and classifies the flaw as CWE-787 (out-of-bounds write). The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. References in the record include a Semmle advisory, the U-Boot GitLab repository, and a Siemens product security advisory. No fixed version is provided in the supplied corpus, so confirm the fixed release with the upstream project or the vendor advisory before closing the item.

Official resources

CVE published: 2019-07-31T13:15:13.760Z. NVD last modified: 2026-05-12T10:16:35.440Z. This debrief uses the supplied CVE publication timeline and official record references.