Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6523-1

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#git
==========================================================================Ubuntu Security Notice USN-6523-1November 29, 2023u-boot-nezha vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:Several security issues were fixed in u-boot-nezha.Software Description:- u-boot-nezha: U-Boot for Allwinner Nezha boardDetails:It was discovered that U-Boot incorrectly handled certain USB DFU downloadsetup packets. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2022-2347)Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handledcertain fragmented IP packets. A local attacker could use this issue tocause U-Boot to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2022-30552, CVE-2022-30790)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   u-boot-nezha                    2022.10-1089-g528ae9bc6c-0ubuntu1.23.04.2Ubuntu 22.04 LTS:   u-boot-nezha                    2022.04+git20220405.7446a472-0ubuntu0.4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6523-1   CVE-2022-2347, CVE-2022-30552, CVE-2022-30790Package Information: https://launchpad.net/ubuntu/+source/u-boot-nezha/2022.10-1089-g528ae9bc6c-0ubuntu1.23.04.2 https://launchpad.net/ubuntu/+source/u-boot-nezha/2022.04+git20220405.7446a472-0ubuntu0.4

Related news

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Ubuntu Security Notice USN-5764-1

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-5764-1

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-5764-1

Ubuntu Security Notice 5764-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

CVE-2022-43449: en/security-disclosure/2022/2022-11.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.

CVE-2022-2347: oss-sec: Fwd: CVE-2022-2347 - Unchecked Download Size and Direction in U-Boot USB DFU

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

CVE-2022-38701: en/security-disclosure/2022/2022-09.md · OpenHarmony/security - Gitee.com

OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.

CVE-2022-30790: Tags · u-boot/u-boot

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS). U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS as well as

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution