Was plain U-Boot affected by CVE-2023-39902?
Tom Rini
trini at konsulko.com
Mon Jun 23 17:13:35 CEST 2025
On Thu, Jun 19, 2025 at 09:35:25AM +0200, Rolf Eike Beer wrote:
> Hi all,
>
> for entirely unrelated reasons I came accross CVE-2023-39902:
>
> > A software vulnerability has been identified in the U-Boot Secondary Program
> > Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under
> > certain conditions, a crafted Flattened Image Tree (FIT) format structure
> > can be used to overwrite SPL memory, allowing unauthenticated software to
> > execute on the target, leading to privilege escalation.
>
> This links to https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196, which links 4
> patches. The relevant one seems to me https://github.com/nxp-imx/uboot-imx/
> commit/0746cfd931de8f7591d263ff60dd806ffe23c093, and for my limited
> understanding the actual fix is the first hunk.
>
> A similar change has been made in 6039e0edc8540bd2a ("imx: hab: Simplify the
> mechanism"), so I wonder if this is just an unnoticed instance of the very
> same bug?
>
> Opinions?
Lets add the iMX folks..
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250623/92fffbfc/attachment.sig>
More information about the U-Boot
mailing list