Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5764-1

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-5764-1December 06, 2022u-boot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in u-boot.Software Description:- u-boot: A boot loader for embedded systemsDetails:It was discovered that U-Boot incorrectly handled certain USB DFU downloadsetup packets. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2022-2347)Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handledcertain fragmented IP packets. A local attacker could use this issue tocause U-Boot to crash, resulting in a denial of service, or possiblyexecute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-30552, CVE-2022-30790)It was discovered that U-Boot incorrectly handled certain NFS lookupreplies. A remote attacker could use this issue to cause U-Boot to crash,resulting in a denial of service, or possibly execute arbitrary code. Thisissue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04LTS. (CVE-2022-30767)Jincheng Wang discovered that U-Boot incorrectly handled certain SquashFSstructures. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, andUbuntu 22.04 LTS. (CVE-2022-33103)Tatsuhiko Yasumatsu discovered that U-Boot incorrectly handled certainSquashFS structures. A local attacker could use this issue to cause U-Bootto crash, resulting in a denial of service, or possibly execute arbitrarycode. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, andUbuntu 22.04 LTS. (CVE-2022-33967)It was discovered that U-Boot incorrectly handled the i2c command. A localattacker could use this issue to cause U-Boot to crash, resulting in adenial of service, or possibly execute arbitrary code. This issue onlyaffected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.(CVE-2022-34835)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   u-boot                          2022.07+dfsg-1ubuntu4.2   u-boot-amlogic                  2022.07+dfsg-1ubuntu4.2   u-boot-exynos                   2022.07+dfsg-1ubuntu4.2   u-boot-imx                      2022.07+dfsg-1ubuntu4.2   u-boot-microchip                2022.07+dfsg-1ubuntu4.2   u-boot-mvebu                    2022.07+dfsg-1ubuntu4.2   u-boot-omap                     2022.07+dfsg-1ubuntu4.2   u-boot-qcom                     2022.07+dfsg-1ubuntu4.2   u-boot-qemu                     2022.07+dfsg-1ubuntu4.2   u-boot-rockchip                 2022.07+dfsg-1ubuntu4.2   u-boot-rpi                      2022.07+dfsg-1ubuntu4.2   u-boot-sifive                   2022.07+dfsg-1ubuntu4.2   u-boot-stm32                    2022.07+dfsg-1ubuntu4.2   u-boot-sunxi                    2022.07+dfsg-1ubuntu4.2   u-boot-tegra                    2022.07+dfsg-1ubuntu4.2   u-boot-tools                    2022.07+dfsg-1ubuntu4.2Ubuntu 22.04 LTS:   u-boot                          2022.01+dfsg-2ubuntu2.3   u-boot-amlogic                  2022.01+dfsg-2ubuntu2.3   u-boot-exynos                   2022.01+dfsg-2ubuntu2.3   u-boot-imx                      2022.01+dfsg-2ubuntu2.3   u-boot-microchip                2022.01+dfsg-2ubuntu2.3   u-boot-mvebu                    2022.01+dfsg-2ubuntu2.3   u-boot-omap                     2022.01+dfsg-2ubuntu2.3   u-boot-qcom                     2022.01+dfsg-2ubuntu2.3   u-boot-qemu                     2022.01+dfsg-2ubuntu2.3   u-boot-rockchip                 2022.01+dfsg-2ubuntu2.3   u-boot-rpi                      2022.01+dfsg-2ubuntu2.3   u-boot-sifive                   2022.01+dfsg-2ubuntu2.3   u-boot-sunxi                    2022.01+dfsg-2ubuntu2.3   u-boot-tegra                    2022.01+dfsg-2ubuntu2.3   u-boot-tools                    2022.01+dfsg-2ubuntu2.3Ubuntu 20.04 LTS:   u-boot                          2021.01+dfsg-3ubuntu0~20.04.5   u-boot-amlogic                  2021.01+dfsg-3ubuntu0~20.04.5   u-boot-exynos                   2021.01+dfsg-3ubuntu0~20.04.5   u-boot-imx                      2021.01+dfsg-3ubuntu0~20.04.5   u-boot-mvebu                    2021.01+dfsg-3ubuntu0~20.04.5   u-boot-omap                     2021.01+dfsg-3ubuntu0~20.04.5   u-boot-qcom                     2021.01+dfsg-3ubuntu0~20.04.5   u-boot-qemu                     2021.01+dfsg-3ubuntu0~20.04.5   u-boot-rockchip                 2021.01+dfsg-3ubuntu0~20.04.5   u-boot-rpi                      2021.01+dfsg-3ubuntu0~20.04.5   u-boot-sifive                   2021.01+dfsg-3ubuntu0~20.04.5   u-boot-sunxi                    2021.01+dfsg-3ubuntu0~20.04.5   u-boot-tegra                    2021.01+dfsg-3ubuntu0~20.04.5   u-boot-tools                    2021.01+dfsg-3ubuntu0~20.04.5Ubuntu 18.04 LTS:   u-boot                          2020.10+dfsg-1ubuntu0~18.04.3   u-boot-amlogic                  2020.10+dfsg-1ubuntu0~18.04.3   u-boot-exynos                   2020.10+dfsg-1ubuntu0~18.04.3   u-boot-imx                      2020.10+dfsg-1ubuntu0~18.04.3   u-boot-mvebu                    2020.10+dfsg-1ubuntu0~18.04.3   u-boot-omap                     2020.10+dfsg-1ubuntu0~18.04.3   u-boot-qcom                     2020.10+dfsg-1ubuntu0~18.04.3   u-boot-qemu                     2020.10+dfsg-1ubuntu0~18.04.3   u-boot-rockchip                 2020.10+dfsg-1ubuntu0~18.04.3   u-boot-rpi                      2020.10+dfsg-1ubuntu0~18.04.3   u-boot-sunxi                    2020.10+dfsg-1ubuntu0~18.04.3   u-boot-tegra                    2020.10+dfsg-1ubuntu0~18.04.3   u-boot-tools                    2020.10+dfsg-1ubuntu0~18.04.3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5764-1   CVE-2022-2347, CVE-2022-30552, CVE-2022-30767, CVE-2022-30790,   CVE-2022-33103, CVE-2022-33967, CVE-2022-34835Package Information:   https://launchpad.net/ubuntu/+source/u-boot/2022.07+dfsg-1ubuntu4.2   https://launchpad.net/ubuntu/+source/u-boot/2022.01+dfsg-2ubuntu2.3   https://launchpad.net/ubuntu/+source/u-boot/2021.01+dfsg-3ubuntu0~20.04.5   https://launchpad.net/ubuntu/+source/u-boot/2020.10+dfsg-1ubuntu0~18.04.3

Related news

Ubuntu Security Notice USN-6523-1

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

CVE-2022-43449: en/security-disclosure/2022/2022-11.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

CVE-2022-2347: oss-sec: Fwd: CVE-2022-2347 - Unchecked Download Size and Direction in U-Boot USB DFU

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-33967: U-Boot

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

CVE-2022-33103: [PATCH v2] fs/squashfs: sqfs_read: Prevent arbitrary code execution

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().

CVE-2022-34835: i2c: fix stack buffer overflow vulnerability in i2c md command (8f8c04bf) · Commits · U-Boot / U-Boot

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

CVE-2022-30790: Tags · u-boot/u-boot

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as

CVE-2022-30767: Ineffective fix of CVE-2019-14196

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution