Ubuntu update for u-boot
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU69943
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2347
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in the U-Boot DFU implementation when processing download setup packets. An attacker with physical access to device can send a USB DFU download setup packet with a `wLength` greater than 4096 bytes, trigger a heap-based buffer overflow and execute arbitrary code on the system.
Update the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU64137
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30552
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the implementation of IP Packet Defragmentation. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
MitigationUpdate the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU64420
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30767
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the nfs_lookup_reply() function in net/nfs.c. A remote attacker can pass specially crafted data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability exists due to incomplete fix for CVE-2019-14196.
Update the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU64139
Risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30790
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the implementation ofIP Packet Defragmentation. A remote attacker on the local netwotk can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU66705
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33103
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the sqfs_readdir() function when reading local directories. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.
Update the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU65331
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33967
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a defect in the metadata reading process. An attacker with physical access can use a specially crafted squashfs image, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU66594
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34835
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in the do_i2c_md() function within the "i2c md" command. An attacker with physical access to device can trigger a stack-based buffer overflow and escalate privileges on the system.
Update the affected package u-boot to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.10
u-boot-exynos (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rockchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-mvebu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-omap (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qemu (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-qcom (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sunxi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-microchip (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tegra (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-imx (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-tools (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-stm32 (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-amlogic (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-sifive (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot-rpi (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
u-boot (Ubuntu package): before 2022.07+dfsg-1ubuntu4.2
External linkshttp://ubuntu.com/security/notices/USN-5764-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
