[PATCH] usb: gadget: dfu: Fix the unchecked length field
Tom Rini
trini at konsulko.com
Mon Nov 21 18:34:15 CET 2022
On Thu, Nov 03, 2022 at 09:37:48AM +0530, Venkatesh Yadav Abbarapu wrote:
> DFU implementation does not bound the length field in USB
> DFU download setup packets, and it does not verify that
> the transfer direction. Fixing the length and transfer
> direction.
>
> CVE-2022-2347
>
> Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu at amd.com>
> Reviewed-by: Marek Vasut <marex at denx.de>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20221121/b5bb2264/attachment.sig>
More information about the U-Boot
mailing list