Security vulnerabilities report to Das-U-Boot
Jonathan Bar Or
jonathanbaror at gmail.com
Fri Feb 7 18:53:01 CET 2025
Thank you.
So, I'm attaching my findings in a md file - see attachment.
All of those could be avoided by using safe math, such as
__builtin_mul_overflow and __builtin_add_overflow, which are used in some
modules in Das-U-Boot.
There are many cases where seemingly unsafe addition and multiplication can
cause integer overflows, but not all are exploitable - I believe the ones I
report here are.
Let me know your thoughts.
Best regards,
Jonathan
On Fri, Feb 7, 2025 at 7:50 AM Tom Rini <trini at konsulko.com> wrote:
> On Thu, Feb 06, 2025 at 07:47:54PM -0800, Jonathan Bar Or wrote:
>
> > Dear U-boot maintainers,
> >
> > What is the best way of reporting security vulnerabilities (memory
> > corruption issues) to Das-U-Boot? Is there a PGP key I should be using?
> > I have 4 issues that I think are worth fixing (with very easy fixes).
> >
> > Best regards,
> > Jonathan
>
> Hey. As per https://docs.u-boot.org/en/latest/develop/security.html
> please post them to the list in public. If you have possible solutions
> for them as well that's even better. Thanks!
>
> --
> Tom
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: notes.md
Type: text/markdown
Size: 3143 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250207/1903f443/attachment.md>
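
The safe-math approach named in the message above, as an added example that is not part of the original e-mail, its attachment, or U-Boot's code: an unchecked size computation next to the same computation guarded by the GCC/Clang builtins `__builtin_mul_overflow` and `__builtin_add_overflow`. The `tbl_hdr` structure, its fields, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header parsed from untrusted storage (constructed for this example). */
struct tbl_hdr {
	uint32_t entry_count;	/* untrusted */
	uint32_t entry_size;	/* untrusted */
};

/* Unchecked: 32-bit arithmetic wraps silently, so a huge table can yield a tiny size. */
static uint32_t table_bytes_unchecked(const struct tbl_hdr *h, uint32_t hdr_len)
{
	return h->entry_count * h->entry_size + hdr_len;
}

/* Checked: returns false if either step wraps; *out is meaningful only on true. */
static bool table_bytes_checked(const struct tbl_hdr *h, uint32_t hdr_len, uint32_t *out)
{
	uint32_t body;

	if (__builtin_mul_overflow(h->entry_count, h->entry_size, &body))
		return false;
	return !__builtin_add_overflow(body, hdr_len, out);
}

/* Allocate only when the size is representable and below a caller-chosen cap. */
static void *table_alloc(const struct tbl_hdr *h, uint32_t hdr_len, uint32_t max_bytes)
{
	uint32_t total;

	if (!table_bytes_checked(h, hdr_len, &total) || total > max_bytes)
		return NULL;
	return malloc(total);
}

int main(void)
{
	struct tbl_hdr wrap = { 0x10000001u, 16u };	/* constructed: product exceeds 32 bits */
	uint32_t total = 0;

	printf("unchecked size: %u\n", (unsigned)table_bytes_unchecked(&wrap, 8));
	printf("checked ok:     %d\n", table_bytes_checked(&wrap, 8, &total));
	return 0;
}
```

With the unchecked version a caller would allocate the wrapped size and then copy `entry_count` entries into it; the checked version rejects the header before any allocation happens.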