ZDI-CAN-24679: New Vulnerability Report
Pavel Machek
pavel at ucw.cz
Thu Nov 21 12:36:35 CET 2024
On Thu 2024-11-14 08:56:36, Tom Rini wrote:
> On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures at trendmicro.com wrote:
>
> > Hi,
> > Do you have any updates to share regarding this vulnerability report?
>
> Michal, microblaze-generic is the most active platform that enables
> FS_JFFS2 by default and so vulnerable here. Can you find some resources
> to look in to fixing this please? Thanks.
Is that a real vulnerability?
If you can write to raw flash, you can also replace u-boot, no need to
to corrupt jffs...
Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20241121/ec46ae34/attachment.sig>
More information about the U-Boot
mailing list