[SECURITY][4/4] Stack buffer overflow in Samsung board code (sprintf concatenation)
Tra Ngo
S4210155 at student.rmit.edu.au
Thu Mar 26 05:41:10 CET 2026
Dear U-Boot maintainers,
I would like to report a potential stack buffer overflow in board/samsung/common/misc.c (set_board_info()).
The issue arises from an unbounded sprintf() used to concatenate bdname and bdtype into a fixed-size buffer.
This may lead to overflow when the combined string exceeds the buffer size.
I have attached a detailed analysis, including root cause and suggested fix.
This is part of a set of related issues reported separately.
Please let me know if you would like a patch or further details.
Best regards,
Ngo Tra <https://aka.ms/GetOutlookForMac>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: UCCG-UBOOT-04.md
Type: application/octet-stream
Size: 3683 bytes
Desc: UCCG-UBOOT-04.md
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260326/17bcfa99/attachment.obj>
More information about the U-Boot
mailing list