[PATCH] usb: gadget: dfu: Fix the unchecked length field
Marek Vasut
marex at denx.de
Mon Nov 28 13:47:35 CET 2022
On 11/21/22 18:34, Tom Rini wrote:
> On Thu, Nov 03, 2022 at 09:37:48AM +0530, Venkatesh Yadav Abbarapu wrote:
>
>> DFU implementation does not bound the length field in USB
>> DFU download setup packets, and it does not verify that
>> the transfer direction. Fixing the length and transfer
>> direction.
>>
>> CVE-2022-2347
>>
>> Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu at amd.com>
>> Reviewed-by: Marek Vasut <marex at denx.de>
>
> Applied to u-boot/master, thanks!
So this breaks DFU support in SPL as I just found out.
Any idea why ?
More information about the U-Boot
mailing list