Das U‑Boot contained a dangerous stack‑based buffer overflow in its NFS reply handling code — tracked as CVE‑2019‑14204 — that affects all upstream releases up through 2019.07 and can be triggered when a crafted NFS/UDP response is parsed by the bootloader’s nfs_handler helper...
