CVE-2022-2347
Last modified
CVE-2022-2347 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
Metrics
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Denx | U-Boot | >= 2012.10, <= 2022.07 |
References
- https://seclists.org/oss-sec/2022/q3/41Exploit, Mailing List, Third Party Advisory
- https://seclists.org/oss-sec/2022/q3/41Exploit, Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2347?
How severe is CVE-2022-2347?
How do I fix CVE-2022-2347?
Are you affected by CVE-2022-2347?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST