[PATCH] board: amlogic: fix buffer overflow in serial & usid read

Tom Rini trini at konsulko.com
Wed Mar 20 13:44:12 CET 2024


On Wed, Mar 20, 2024 at 09:26:29AM +0100, Neil Armstrong wrote:
> On 20/03/2024 06:28, Dan Carpenter wrote:
> > On Tue, Mar 19, 2024 at 03:53:24PM +0100, Neil Armstrong wrote:
> > > While meson_sm_read_efuse() doesn't overflow, the string is not
> > > zero terminated and env_set() will buffer overflow and add random
> > > characters to environment.
> > > 
> > 
> > In the Linux kernel we would give this a CVE because it's an information
> > disclosure bug...
> 
> Yes probably

Yes, but this isn't the Linux kernel and we aren't a CNA. I don't object
to someone getting a CVE if so inclined, but we don't have the resources
to follow in the kernel's footsteps here either.

-- 
Tom
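
The failure mode described in the quoted commit message, as an added example that is not part of the thread or of U-Boot's code: a fixed-length read leaves no terminator, so a C-string consumer keeps reading into whatever follows. `fake_read_efuse`, `fake_env_set`, the 16-byte field length and the sample bytes are assumptions constructed for illustration; the terminated variant shows one common remedy, not necessarily the change the patch makes.

```c
#include <stdio.h>
#include <string.h>

#define SERIAL_LEN 16 /* assumed field length, constructed for this example */

/* Hypothetical stand-in for a fixed-length eFuse read: copies exactly
 * `size` raw bytes and never writes a terminator. */
static long fake_read_efuse(void *buf, size_t size)
{
    static const char fuse[] = "0123456789ABCDEF"; /* constructed sample */
    memcpy(buf, fuse, size);
    return (long)size;
}

/* Hypothetical stand-in for an environment setter: like any C-string API
 * it copies up to the first NUL. Returns the number of bytes stored. */
static size_t fake_env_set(char *store, size_t cap, const char *value)
{
    size_t n = strlen(value);
    if (n >= cap)
        n = cap - 1;
    memcpy(store, value, n);
    store[n] = '\0';
    return n;
}

/* One array models adjacent memory so the over-read is well defined here:
 * bytes [0, SERIAL_LEN) are the buffer, the rest is unrelated data. */
size_t unterminated_len(void)
{
    char region[64] = {0}, env[64];
    memcpy(region + SERIAL_LEN, "SECRET", 6); /* constructed neighbour data */
    fake_read_efuse(region, SERIAL_LEN);      /* fills the field, no NUL */
    return fake_env_set(env, sizeof(env), region);
}

/* Remedy: one spare byte, zeroed before the read, bounds the string. */
size_t terminated_len(void)
{
    char serial[SERIAL_LEN + 1] = {0}, env[64];
    fake_read_efuse(serial, SERIAL_LEN);
    return fake_env_set(env, sizeof(env), serial);
}

int main(void)
{
    printf("unterminated: %zu bytes stored\n", unterminated_len());
    printf("terminated:   %zu bytes stored\n", terminated_len());
    return 0;
}
```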