Was plain U-Boot affected by CVE-2023-39902?

Rolf Eike Beer eb at emlix.com
Thu Jun 19 09:35:25 CEST 2025


Hi all,

for entirely unrelated reasons I came across CVE-2023-39902:

> A software vulnerability has been identified in the U-Boot Secondary Program
> Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under
> certain conditions, a crafted Flattened Image Tree (FIT) format structure
> can be used to overwrite SPL memory, allowing unauthenticated software to
> execute on the target, leading to privilege escalation.

This links to https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196, which links 4 patches.
The relevant one seems to me to be https://github.com/nxp-imx/uboot-imx/commit/0746cfd931de8f7591d263ff60dd806ffe23c093, and to my limited
understanding the actual fix is the first hunk.

A similar change has been made in 6039e0edc8540bd2a ("imx: hab: Simplify the 
mechanism"), so I wonder if this is just an unnoticed instance of the very 
same bug?

Opinions?

Regards,

Eike
-- 
Rolf Eike Beer

emlix GmbH
Headquarters: Berliner Str. 12, 37073 Göttingen, Germany
Phone +49 (0)551 30664-0, e-mail info at emlix.com
District Court of Göttingen, Registry Number HR B 3160
Managing Directors: Heike Jordan, Dr. Uwe Kracke
VAT ID No. DE 205 198 055
Office Berlin: Panoramastr. 1, 10178 Berlin, Germany
Office Bonn: Bachstr. 6, 53115 Bonn, Germany
http://www.emlix.com

emlix - your embedded Linux partner