[PATCH] usb: gadget: dfu: Fix the unchecked length field
Marek Vasut
marex at denx.de
Thu Nov 3 16:22:58 CET 2022
On 11/3/22 05:07, Venkatesh Yadav Abbarapu wrote:
> DFU implementation does not bound the length field in USB
> DFU download setup packets, and it does not verify that
> the transfer direction. Fixing the length and transfer
> direction.
>
> CVE-2022-2347
+CC Tom
Reading through https://seclists.org/oss-sec/2022/q3/41 the disclosure
timeline at the end, I am really sad that this only reached me (as the
USB maintainer) now in this form.
Maybe there should be some dedicated advertised ML for these things ?
> Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu at amd.com>
Reviewed-by: Marek Vasut <marex at denx.de>
Tom, please pick this directly soon.
More information about the U-Boot
mailing list