Headline
Ubuntu Security Notice USN-5764-1
Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
==========================================================================Ubuntu Security Notice USN-5764-1December 06, 2022u-boot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in u-boot.Software Description:- u-boot: A boot loader for embedded systemsDetails:It was discovered that U-Boot incorrectly handled certain USB DFU downloadsetup packets. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2022-2347)Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handledcertain fragmented IP packets. A local attacker could use this issue tocause U-Boot to crash, resulting in a denial of service, or possiblyexecute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30552, CVE-2022-30790)It was discovered that U-Boot incorrectly handled certain NFS lookupreplies. A remote attacker could use this issue to cause U-Boot to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04LTS. (CVE-2022-30767)Jincheng Wang discovered that U-Boot incorrectly handled certain SquashFSstructures. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, andUbuntu 22.04 LTS. (CVE-2022-33103)Tatsuhiko Yasumatsu discovered that U-Boot incorrectly handled certainSquashFS structures. A local attacker could use this issue to cause U-Bootto crash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, andUbuntu 22.04 LTS. (CVE-2022-33967)It was discovered that U-Boot incorrectly handled the i2c command. A localattacker could use this issue to cause U-Boot to crash, resulting in adenial of service, or possibly execute arbitrary code. This issue onlyaffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.(CVE-2022-34835)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10: u-boot 2022.07+dfsg-1ubuntu4.2 u-boot-amlogic 2022.07+dfsg-1ubuntu4.2 u-boot-exynos 2022.07+dfsg-1ubuntu4.2 u-boot-imx 2022.07+dfsg-1ubuntu4.2 u-boot-microchip 2022.07+dfsg-1ubuntu4.2 u-boot-mvebu 2022.07+dfsg-1ubuntu4.2 u-boot-omap 2022.07+dfsg-1ubuntu4.2 u-boot-qcom 2022.07+dfsg-1ubuntu4.2 u-boot-qemu 2022.07+dfsg-1ubuntu4.2 u-boot-rockchip 2022.07+dfsg-1ubuntu4.2 u-boot-rpi 2022.07+dfsg-1ubuntu4.2 u-boot-sifive 2022.07+dfsg-1ubuntu4.2 u-boot-stm32 2022.07+dfsg-1ubuntu4.2 u-boot-sunxi 2022.07+dfsg-1ubuntu4.2 u-boot-tegra 2022.07+dfsg-1ubuntu4.2 u-boot-tools 2022.07+dfsg-1ubuntu4.2Ubuntu 22.04 LTS: u-boot 2022.01+dfsg-2ubuntu2.3 u-boot-amlogic 2022.01+dfsg-2ubuntu2.3 u-boot-exynos 2022.01+dfsg-2ubuntu2.3 u-boot-imx 2022.01+dfsg-2ubuntu2.3 u-boot-microchip 2022.01+dfsg-2ubuntu2.3 u-boot-mvebu 2022.01+dfsg-2ubuntu2.3 u-boot-omap 2022.01+dfsg-2ubuntu2.3 u-boot-qcom 2022.01+dfsg-2ubuntu2.3 u-boot-qemu 2022.01+dfsg-2ubuntu2.3 u-boot-rockchip 2022.01+dfsg-2ubuntu2.3 u-boot-rpi 2022.01+dfsg-2ubuntu2.3 u-boot-sifive 2022.01+dfsg-2ubuntu2.3 u-boot-sunxi 2022.01+dfsg-2ubuntu2.3 u-boot-tegra 2022.01+dfsg-2ubuntu2.3 u-boot-tools 2022.01+dfsg-2ubuntu2.3Ubuntu 20.04 LTS: u-boot 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-amlogic 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-exynos 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-imx 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-mvebu 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-omap 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-qcom 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-qemu 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-rockchip 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-rpi 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-sifive 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-sunxi 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-tegra 2021.01+dfsg-3ubuntu0~20.04.5 u-boot-tools 2021.01+dfsg-3ubuntu0~20.04.5Ubuntu 18.04 LTS: u-boot 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-amlogic 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-exynos 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-imx 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-mvebu 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-omap 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-qcom 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-qemu 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-rockchip 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-rpi 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-sunxi 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-tegra 2020.10+dfsg-1ubuntu0~18.04.3 u-boot-tools 2020.10+dfsg-1ubuntu0~18.04.3In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-5764-1 CVE-2022-2347, CVE-2022-30552, CVE-2022-30767, CVE-2022-30790, CVE-2022-33103, CVE-2022-33967, CVE-2022-34835Package Information: https://launchpad.net/ubuntu/+source/u-boot/2022.07+dfsg-1ubuntu4.2 https://launchpad.net/ubuntu/+source/u-boot/2022.01+dfsg-2ubuntu2.3 https://launchpad.net/ubuntu/+source/u-boot/2021.01+dfsg-3ubuntu0~20.04.5 https://launchpad.net/ubuntu/+source/u-boot/2020.10+dfsg-1ubuntu0~18.04.3Related news
Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.