[PATCH] dfu: bounds check USB upload and download sizes

Fabio Estevam festevam at gmail.com
Wed Nov 9 01:56:02 CET 2022


Hi Sultan,

On Tue, Nov 8, 2022 at 9:22 PM Sultan Qasim Khan <sultanqasim at gmail.com> wrote:
>
> Also verify transfer directions match what is expected for the operation
> type. Addresses memory corruption and disclosure vulnerability
> CVE-2022-2347.
>
> Signed-off-by: Sultan Qasim Khan <sultan.qasimkhan at nccgroup.com>

There was a submission already to fix this problem:
https://lists.denx.de/pipermail/u-boot/2022-November/498977.html

