ZDI-CAN-24679: New Vulnerability Report

zdi-disclosures at trendmicro.com
Fri Jun 20 16:23:26 CEST 2025


Hi,
Can you confirm if any fix was made for this vulnerability?

Thanks,
ZDI

-----Original Message-----
From: Tom Rini <trini at konsulko.com> 
Sent: Thursday, November 14, 2024 3:34 PM
To: Tony Dinh <mibodhi at gmail.com>
Cc: Michal Simek <michal.simek at amd.com>; Wolfgang Wegner <w.wegner at astro-kom.de>; Thomas Weber <weber at corscience.de>; Stefan Herbrechtsmeier <stefan at herbrechtsmeier.net>; Phil Sutter <phil at nwl.cc>; Siddarth Gore <gores at marvell.com>; Luka Perkov <luka at openwrt.org>; Holger Brunck <holger.brunck at hitachienergy.com>; Heiko Schocher <hs at denx.de>; Evgeni Dobrev <evgeni at studio-punkt.com>; Stefan Roese <sr at denx.de>; Ilko Iliev <iliev at ronetix.at>; Dave Purdy <david.c.purdy at gmail.com>; ZDI Disclosures Mailbox <zdi-disclosures at trendmicro.com>; u-boot at lists.denx.de
Subject: Re: ZDI-CAN-24679: New Vulnerability Report

On Thu, Nov 14, 2024 at 12:18:49PM -0800, Tony Dinh wrote:
> Hi Tom,
> Hi Stefan,
> 
> On Thu, Nov 14, 2024 at 8:33 AM Tom Rini <trini at konsulko.com> wrote:
> >
> > On Thu, Nov 14, 2024 at 04:07:15PM +0100, Michal Simek wrote:
> >
> > > Hi,
> > >
> > > On 11/14/24 15:56, Tom Rini wrote:
> > > > On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures at trendmicro.com wrote:
> > > >
> > > > > Hi,
> > > > > Do you have any updates to share regarding this vulnerability report?
> > > >
> > > > Michal, microblaze-generic is the most active platform that enables
> > > > FS_JFFS2 by default and so vulnerable here. Can you find some
> > > > resources to look into fixing this please? Thanks.
> > >
> > > We have actually discussed this recently and we have other issues
> > > with jffs2 and are not going to fix it or recommend using it.
> > > JFFS2 should be removed from our configs and it is also not under our regression.
> >
> > Ah OK, thanks. Adding a few more maintainers now then.
> 
> Does this affect only boards that explicitly use CMD_JFFS2? How about
> boards that have not been converted to bootstd and still use "nand
> read" like this:
> 
> include/configs/openrd.h
> 
> #define CFG_EXTRA_ENV_SETTINGS  "x_bootargs=console=ttyS0,115200 " \
>         CONFIG_MTDPARTS_DEFAULT " rw ubi.mtd=2,2048\0" \
>         "x_bootcmd_kernel=nand read 0x6400000 0x100000 0x300000\0"      \

It's a problem for boards which read from JFFS2 in U-Boot, yes. So in the case of the kernel / etc being read from a raw location (or ubi or what-have-you), if FS_JFFS2 (or CMD_JFFS2, same list of platforms) is disabled the problem goes away. And if we're down to just a few lightly used platforms, we can just drop JFFS2 support. Thanks!

--
Tom
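
Added example, not part of the original thread and not U-Boot's own tooling: a shell check for whether a build's resolved .config enables either of the two options named above (FS_JFFS2, CMD_JFFS2). The function names are hypothetical, the sample configs are constructed, and it assumes the .config generated for the board (a defconfig omits options left at their defaults).

```shell
#!/bin/sh
# Added example: audit a resolved U-Boot .config for the JFFS2 options
# discussed in the thread. Function names are hypothetical.

# jffs2_symbol_state FILE SYMBOL -> prints enabled, disabled or absent.
# "absent" in a resolved .config means the option's dependencies are unmet.
jffs2_symbol_state() {
    if grep -Eq "^CONFIG_$2=y\$" "$1"; then
        echo enabled
    elif grep -Eq "^# CONFIG_$2 is not set\$" "$1"; then
        echo disabled
    else
        echo absent
    fi
}

# jffs2_audit FILE -> one report line per option; returns 1 if any is enabled.
jffs2_audit() {
    rc=0
    for sym in FS_JFFS2 CMD_JFFS2; do
        state=$(jffs2_symbol_state "$1" "$sym")
        printf '%s: CONFIG_%s %s\n' "$1" "$sym" "$state"
        if [ "$state" = enabled ]; then rc=1; fi
    done
    return "$rc"
}

# Self-check on constructed configs (not taken from any real board):
# one that reads from JFFS2, one that only does raw NAND reads.
jffs2_demo() {
    tmp=$(mktemp -d) || return 2
    printf 'CONFIG_CMD_NAND=y\nCONFIG_FS_JFFS2=y\nCONFIG_CMD_JFFS2=y\n' \
        > "$tmp/with_jffs2.config"
    printf 'CONFIG_CMD_NAND=y\n# CONFIG_FS_JFFS2 is not set\n' \
        > "$tmp/raw_nand.config"
    if jffs2_audit "$tmp/with_jffs2.config"; then a=0; else a=1; fi
    if jffs2_audit "$tmp/raw_nand.config"; then b=0; else b=1; fi
    rm -rf "$tmp"
    echo "$a $b"
}

# Stand-alone use: sh jffs2_audit.sh path/to/.config
if [ "$#" -gt 0 ]; then jffs2_audit "$1"; fi
```

A non-zero return from jffs2_audit marks a configuration that still builds in JFFS2 support and so remains in scope for this report.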