[PATCH] dfu: bounds check USB upload and download sizes
Sultan Khan
sultanqasim at gmail.com
Wed Nov 9 02:02:11 CET 2022
Hi Fabio,
Ah, sorry I missed that. This was on my todo list to patch as when I looked last week I didn’t see any patch for it. That patch you linked should also work to solve the issue.
Best regards,
Sultan Qasim Khan
> On Nov 8, 2022, at 7:56 PM, Fabio Estevam <festevam at gmail.com> wrote:
>
> Hi Sultan,
>
> On Tue, Nov 8, 2022 at 9:22 PM Sultan Qasim Khan <sultanqasim at gmail.com> wrote:
>>
>> Also verify transfer directions match what is expected for the operation
>> type. Addresses memory corruption and disclosure vulnerability
>> CVE-2022-2347.
>>
>> Signed-off-by: Sultan Qasim Khan <sultan.qasimkhan at nccgroup.com>
>
> There was a submission already to fix this problem:
> https://lists.denx.de/pipermail/u-boot/2022-November/498977.html
More information about the U-Boot
mailing list