ZDI-CAN-24679: New Vulnerability Report
Michal Simek
michal.simek at amd.com
Thu Nov 14 16:07:15 CET 2024
Hi,
On 11/14/24 15:56, Tom Rini wrote:
> On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures at trendmicro.com wrote:
>
>> Hi,
>> Do you have any updates to share regarding this vulnerability report?
>
> Michal, microblaze-generic is the most active platform that enables
> FS_JFFS2 by default and so vulnerable here. Can you find some resources
> to look in to fixing this please? Thanks.
We have actually discussed this recently and we have other issues with jffs2 and
not going to fix it or recommend to use it.
JFFS2 should be removed from our configs and it is also not under our regression.
Thanks,
Michal
More information about the U-Boot
mailing list