[U-Boot] [PATCH v9 10/10] arm: bootm: fix sp detection at end of address range
Frank Wunderlich
frank-w at public-files.de
Fri Dec 21 13:09:13 UTC 2018
just a thought, that someone load a script from tftp (scr) which will be executed locally and imho can also contain mw-commands (like my one adding 0-characters). this can be modified from remote...
i will not say that this have to be done, just a thought :)
for loading from filesystem/fat with modified address there is also the need for local access right? or do you mean that this can be modified (local uenv.txt) from operation system and applied by next reboot?
regards Frank
Gesendet: Freitag, 21. Dezember 2018 um 13:56 Uhr
Von: "Simon Goldschmidt" <simon.k.r.goldschmidt at gmail.com>
Well, the idea of the CVE was that you can overwrite U-Boot in RAM without actually having access. You "only" need to control the file system or tftp server.
When doing 'mw', you actually need to have access to the U-Boot shell. That's a different level. I'm not sure we need to limit access there...
More information about the U-Boot
mailing list