Needs a check in the device tree
jianqiang wang
wjq.sec at gmail.com
Wed Jun 5 15:40:36 CEST 2024
Dear Das U-Boot developers,
I found that the U-Boot device tree implementation lacks a check for the
off_dt_struct field in the device tree.
In file scripts\dtc\libfdt\libfdt_internal.h, fdt_offset_ptr_ returns the
dt struct address. It calculates the address by adding the header address,
fdt offset, and a specified offset. However, the fdt offset is read from
the device tree and lacks a proper check. The returned pointer can even
point to any address, leading to arbitrary read or write.
Could you please confirm it is a vulnerability?
Best regards,
Jianqiang
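
The kind of bounds check the report above asks for, as an added example that is not part of the original message and is not U-Boot or libfdt code. It assumes the standard version-17 flattened device tree header layout; `checked_struct_ptr`, `demo_accepts` and the `buflen` parameter are hypothetical names, and the 64-byte blob is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>

#define FDT_MAGIC 0xd00dfeedu
#define FDT_HDR_SIZE 40u /* version-17 header: ten big-endian 32-bit fields */

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: pointer to len bytes at offset in the structure block,
 * or NULL if a header field would move the access outside the real buffer. */
const void *checked_struct_ptr(const uint8_t *blob, size_t buflen,
                               uint32_t offset, uint32_t len)
{
    if (!blob || buflen < FDT_HDR_SIZE || get_be32(blob) != FDT_MAGIC)
        return NULL;
    uint32_t totalsize = get_be32(blob + 4);
    uint32_t off_struct = get_be32(blob + 8);   /* off_dt_struct */
    uint32_t size_struct = get_be32(blob + 36); /* size_dt_struct */
    /* totalsize comes from the blob too, so bound it by the real buffer. */
    if (totalsize < FDT_HDR_SIZE || totalsize > buflen)
        return NULL;
    /* The structure block must sit after the header and inside totalsize. */
    if (off_struct < FDT_HDR_SIZE || off_struct > totalsize ||
        size_struct > totalsize - off_struct)
        return NULL;
    /* Subtract instead of add so the range check cannot wrap around. */
    if (offset > size_struct || len > size_struct - offset)
        return NULL;
    return blob + off_struct + offset;
}

/* Constructed 64-byte sample blob; returns 1 if the access is accepted. */
int demo_accepts(uint32_t off_struct, uint32_t size_struct,
                 uint32_t offset, uint32_t len)
{
    /* Header fields in on-disk order; totalsize is 64, version is 17. */
    uint32_t hdr[10] = { FDT_MAGIC, 64, off_struct, 0, 0, 17, 16, 0, 0, size_struct };
    uint8_t blob[64] = {0};
    for (int i = 0; i < 10; i++)
        for (int b = 0; b < 4; b++)
            blob[4 * i + b] = (uint8_t)(hdr[i] >> (24 - 8 * b));
    return checked_struct_ptr(blob, sizeof(blob), offset, len) != NULL;
}
```

Every comparison is written as a subtraction from an already validated bound, so a 32-bit field near `0xffffffff` is rejected instead of wrapping the sum back into range.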