CVE-2022-2347
Publication date 23 September 2022
Last updated 24 July 2024
Ubuntu priority
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| u-boot | 24.10 oracular |
Fixed 2022.07+dfsg-1ubuntu7
|
| 24.04 LTS noble |
Fixed 2022.07+dfsg-1ubuntu7
|
|
| 22.04 LTS jammy |
Fixed 2022.01+dfsg-2ubuntu2.3
|
|
| 20.04 LTS focal |
Fixed 2021.01+dfsg-3ubuntu0~20.04.5
|
|
| 18.04 LTS bionic |
Fixed 2020.10+dfsg-1ubuntu0~18.04.3
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Not in release | |
| u-boot-nezha | 24.10 oracular |
Vulnerable
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Fixed 2022.04+git20220405.7446a472-0ubuntu0.4
|
|
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.1 · High
|
| Attack vector | Physical |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5764-1
- U-Boot vulnerabilities
- 6 December 2022
- USN-6523-1
- u-boot-nezha vulnerability
- 29 November 2023