ZDI-CAN-24679: New Vulnerability Report

Tom Rini trini at konsulko.com
Fri Nov 15 00:30:05 CET 2024


On Thu, Nov 14, 2024 at 03:27:48PM -0800, Tony Dinh wrote:
> Hi Tom,
> Hi Stefan,
> 
> I've trimmed down the CC list a bit.
> 
> On Thu, Nov 14, 2024 at 12:33 PM Tom Rini <trini at konsulko.com> wrote:
> >
> > On Thu, Nov 14, 2024 at 12:18:49PM -0800, Tony Dinh wrote:
> > > Hi Tom,
> > > Hi Stefan,
> > >
> > > On Thu, Nov 14, 2024 at 8:33 AM Tom Rini <trini at konsulko.com> wrote:
> > > >
> > > > On Thu, Nov 14, 2024 at 04:07:15PM +0100, Michal Simek wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > On 11/14/24 15:56, Tom Rini wrote:
> > > > > > On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures at trendmicro.com wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > > Do you have any updates to share regarding this vulnerability report?
> > > > > >
> > > > > > Michal, microblaze-generic is the most active platform that enables
> > > > > > FS_JFFS2 by default and so vulnerable here. Can you find some resources
> > > > > > > to look into fixing this please? Thanks.
> > > > >
> > > > > > We have actually discussed this recently and we have other issues with jffs2
> > > > > > and are not going to fix it or recommend using it.
> > > > > JFFS2 should be removed from our configs and it is also not under our regression.
> > > >
> > > > Ah OK, thanks. Adding a few more maintainers now then.
> > >
> > > Does this affect only boards that explicitly use CMD_JFFS2? How about
> > > boards that have not been converted to bootstd and still use "nand
> > > read" like this:
> > >
> > > include/configs/openrd.h
> > >
> > > #define CFG_EXTRA_ENV_SETTINGS  "x_bootargs=console=ttyS0,115200 " \
> > >         CONFIG_MTDPARTS_DEFAULT " rw ubi.mtd=2,2048\0" \
> > >         "x_bootcmd_kernel=nand read 0x6400000 0x100000 0x300000\0"      \
> >
> > It's a problem for boards which read from JFFS2 in U-Boot, yes. So in
> > the case of the kernel / etc being read from a raw location (or ubi or
> > what-have-you), if FS_JFFS2 (or CMD_JFFS2, same list of platforms) is
> > disabled the problem goes away. And if we're down to just a few lightly
> > used platforms, we can just drop JFFS2 support. Thanks!
> >
> > --
> > Tom
> 
> I did a survey. Currently, we have 27 boards that use JFFS2. In that,
> I can take care of 15 boards (1 Armada XP and 14 Kirkwood).
> 
> - 10 boards with trivial changes (just remove JFFS2 from defconfigs)
> 
> configs/dns325_defconfig:CONFIG_CMD_JFFS2=y
> configs/dockstar_defconfig:CONFIG_CMD_JFFS2=y
> configs/goflexhome_defconfig:CONFIG_CMD_JFFS2=y
> configs/guruplug_defconfig:CONFIG_CMD_JFFS2=y
> configs/iconnect_defconfig:CONFIG_CMD_JFFS2=y
> configs/nas220_defconfig:CONFIG_CMD_JFFS2=y
> configs/nsa310s_defconfig:CONFIG_CMD_JFFS2=y
> configs/nsa325_defconfig:CONFIG_CMD_JFFS2=y
> configs/pogo_v4_defconfig:CONFIG_CMD_JFFS2=y
> configs/pogo_e02_defconfig:CONFIG_CMD_JFFS2=y
> 
> - Four boards (actually 2 boards, openrd has 3 variations) need
> to convert to bootstd and remove JFFS2
> 
> configs/openrd_base_defconfig:CONFIG_CMD_JFFS2=y
> configs/openrd_client_defconfig:CONFIG_CMD_JFFS2=y
> configs/openrd_ultimate_defconfig:CONFIG_CMD_JFFS2=y
> configs/sheevaplug_defconfig:CONFIG_CMD_JFFS2=y
> 
> - One board needs to remove legacy boot sequence and remove JFFS2
> (bootstd already done)
> 
> configs/ds414_defconfig:CONFIG_CMD_JFFS2=y
> 
> Hopefully someone will take care of the 12 remaining boards.

Great, thanks!

> 
> All the best,
> Tony

-- 
Tom
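
The defconfig survey described in the quoted message can be repeated with a small script. This is an added example, not part of the original thread or of U-Boot's own tooling; the function names `jffs2_boards` and `make_sample_tree` and the sample board names are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: list boards whose defconfig still enables JFFS2 support.
# Usage: jffs2_boards <configs-dir>
# Prints one line per affected board: "<board> <enabled symbols>".
jffs2_boards() {
    dir=$1
    # Only active "=y" assignments count. Lines such as
    # "# CONFIG_CMD_JFFS2 is not set" start with '#' and are skipped.
    grep -lE '^CONFIG_(CMD|FS)_JFFS2=y[[:space:]]*$' "$dir"/*_defconfig 2>/dev/null |
        while IFS= read -r f; do
            board=$(basename "$f" _defconfig)
            syms=$(grep -oE '^CONFIG_(CMD|FS)_JFFS2=y' "$f" |
                   sed 's/=y$//' | sort -u | tr '\n' ' ')
            printf '%s %s\n' "$board" "${syms% }"
        done | sort
}

# Constructed sample tree (board names are made up for the example).
make_sample_tree() {
    d=$(mktemp -d)
    printf 'CONFIG_ARM=y\nCONFIG_CMD_JFFS2=y\n' > "$d/boarda_defconfig"
    printf 'CONFIG_ARM=y\n# CONFIG_CMD_JFFS2 is not set\n' > "$d/boardb_defconfig"
    printf 'CONFIG_FS_JFFS2=y\nCONFIG_CMD_JFFS2=y\n' > "$d/boardc_defconfig"
    printf 'CONFIG_CMD_UBI=y\n' > "$d/boardd_defconfig"
    echo "$d"
}
```

A symbol that is enabled through a Kconfig default or select does not appear in the defconfig, so the generated `.config` of a build is the authoritative place to confirm that JFFS2 is really off.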