[U-Boot] [PATCH v10 00/10] Fix CVE-2018-18440 and CVE-2018-18439

Tom Rini trini at konsulko.com
Mon Jan 14 22:54:55 UTC 2019


On Mon, Jan 14, 2019 at 10:38:13PM +0100, Simon Goldschmidt wrote:

> This series fixes CVE-2018-18440 ("insufficient boundary checks in
> filesystem image load") by adding restrictions to the 'load'
> command and fixes CVE-2018-18439 ("insufficient boundary checks in
> network image boot") by adding restrictions to the tftp code.
> The functions from lmb.c are used to set up regions of allowed and
> reserved memory. Then, the file size to load is checked against these
> addresses and loading the file is aborted if it would overwrite
> reserved memory.
> 
> The memory reservation code is reused from bootm/image.
> 
> Changes in v10:
> - added acked-by and reviewed-by tags

Note that patchwork collects these automatically and we don't need to
re-post things just for tags.  Was anything else changed?  Thanks!

-- 
Tom
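
The check the quoted cover letter describes (refuse a load that would leave RAM or overwrite reserved memory), as an added example that is not part of this message or of the patch series. It is a simplified model, not U-Boot's lmb.c API: `struct region`, `load_allowed`, `check_sample` and the memory map are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of the check; NOT U-Boot's lmb.c API. */
struct region { uint64_t base, size; };

enum { LOAD_OK = 0, LOAD_OUTSIDE_RAM = -1, LOAD_HITS_RESERVED = -2 };

/* Overlap test for [a, a+alen) and [b, b+blen) without computing a+alen,
 * so an attacker-chosen size cannot wrap the comparison. */
static int overlaps(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b ? (b - a < alen) : (a - b < blen);
}

/* Decide whether len bytes may be written at addr. */
int load_allowed(const struct region *ram, const struct region *resv,
                 size_t n_resv, uint64_t addr, uint64_t len)
{
    /* Containment in RAM, written so addr + len is never evaluated. */
    if (addr < ram->base || addr - ram->base >= ram->size)
        return LOAD_OUTSIDE_RAM;
    if (len > ram->size - (addr - ram->base))
        return LOAD_OUTSIDE_RAM;
    /* Abort if the load would touch any reserved region. */
    for (size_t i = 0; i < n_resv; i++)
        if (overlaps(addr, len, resv[i].base, resv[i].size))
            return LOAD_HITS_RESERVED;
    return LOAD_OK;
}

/* Constructed memory map: 256 MiB of RAM, top 16 MiB reserved. */
static const struct region sample_ram = { 0x80000000ULL, 0x10000000ULL };
static const struct region sample_resv[] = { { 0x8F000000ULL, 0x01000000ULL } };

int check_sample(uint64_t addr, uint64_t len)
{
    return load_allowed(&sample_ram, sample_resv, 1, addr, len);
}

int main(void)
{
    printf("%d\n", check_sample(0x82000000ULL, 0x00100000ULL)); /* fits */
    printf("%d\n", check_sample(0x8EF00000ULL, 0x00200000ULL)); /* reserved */
    printf("%d\n", check_sample(0x80000000ULL, 0x10000001ULL)); /* past RAM */
    return 0;
}
```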