Privilege escalation in U-Boot

Published: 2022-08-17

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-34835
CWE-ID	CWE-121
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	U-Boot Client/Desktop applications / Other client software
Vendor	DENX

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU66594

Risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-34835

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error in the do_i2c_md() function within the "i2c md" command. An attacker with physical access to device can trigger a stack-based buffer overflow and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

U-Boot: 1.0.0 - 2022.07 rc5

CPE2.3

External links

https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.