CVE-2022-2347: Unchecked Download size in Uboot
First published: Thu Jul 07 2022(Updated: )
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
Credit: cve-coordination@google.com cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| DENX U-Boot | >=2012.10<=2022.07 | |
| ubuntu/u-boot | <2020.10+dfsg-1ubuntu0~18.04.3 | 2020.10+dfsg-1ubuntu0~18.04.3 |
| ubuntu/u-boot | <2021.01+dfsg-3ubuntu0~20.04.5 | 2021.01+dfsg-3ubuntu0~20.04.5 |
| ubuntu/u-boot | <2022.01+dfsg-2ubuntu2.3 | 2022.01+dfsg-2ubuntu2.3 |
| ubuntu/u-boot | <2022.07+dfsg-1ubuntu4.2 | 2022.07+dfsg-1ubuntu4.2 |
| ubuntu/u-boot | <2022.07+dfsg-1ubuntu7 | 2022.07+dfsg-1ubuntu7 |
| ubuntu/u-boot | <2022.07+dfsg-1ubuntu7 | 2022.07+dfsg-1ubuntu7 |
| ubuntu/u-boot-nezha | <2022.04+ | 2022.04+ |
| ubuntu/u-boot-nezha | <2022.10-1089- | 2022.10-1089- |
| debian/u-boot | <=2019.01+dfsg-7<=2021.01+dfsg-5 | 2023.01+dfsg-2 2024.01+dfsg-1 2024.01+dfsg-5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://seclists.org/oss-sec/2022/q3/41
- https://launchpad.net/bugs/cve/CVE-2022-2347
- https://www.openwall.com/lists/oss-security/2022/07/08/2
- https://source.denx.de/u-boot/u-boot/-/commit/fbce985e28eaca3af82afecc11961aadaf971a7e
- https://security-tracker.debian.org/tracker/CVE-2022-2347
- https://ubuntu.com/security/notices/USN-5764-1
- https://ubuntu.com/security/notices/USN-6523-1
- https://www.cve.org/CVERecord?id=CVE-2022-2347
- https://nvd.nist.gov/vuln/detail/CVE-2022-2347
- https://github.com/u-boot/u-boot/commit/fbce985e28eaca3af82afecc11961aadaf971a7e
- https://ubuntu.com/security/CVE-2022-2347
Frequently Asked Questions
What is CVE-2022-2347?
CVE-2022-2347 is a vulnerability in UBoot that allows a physically attacker to execute arbitrary code or cause a denial of service.
How does CVE-2022-2347 impact UBoot?
CVE-2022-2347 allows a physically attacker to exploit an unchecked length field in UBoot, leading to arbitrary code execution or denial of service.
What is the severity of CVE-2022-2347?
CVE-2022-2347 has a severity rating of 7.1 (high).
How can I fix CVE-2022-2347?
To mitigate CVE-2022-2347, it is recommended to update UBoot to a version beyond 2022.07 or apply any patches provided by the vendor.
Where can I find more information about CVE-2022-2347?
More information about CVE-2022-2347 can be found at the following reference: [seclists.org/oss-sec/2022/q3/41](https://seclists.org/oss-sec/2022/q3/41).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/author
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/title
- agent/severity
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- vendor/denx
- canonical/denx u-boot
- version/denx u-boot/2012.10
- version/denx u-boot/2022.07
- package-manager/ubuntu
- package-manager/debian