CVE Vulnerability

CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 Patch Vendor Advisory
https://lists.denx.de/pipermail/u-boot/2022-June/486113.html Exploit Patch
https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 Exploit Patch
Configurations

Configuration 1

cpe:2.3:a:denx:u-boot:2022.07:rc2:*:*:*:*:*:*
cpe:2.3:a:denx:u-boot:2022.07:rc1:*:*:*:*:*:*
cpe:2.3:a:denx:u-boot:2022.07:rc3:*:*:*:*:*:*
cpe:2.3:a:denx:u-boot:2022.07:rc4:*:*:*:*:*:*
cpe:2.3:a:denx:u-boot:2022.07:rc5:*:*:*:*:*:*
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*
Information

Published : 2022-06-30 12:15

Updated : 2022-07-09 02:28

NVD link : CVE-2022-34835

Mitre link : CVE-2022-34835

Products Affected
No products.
CWE
CWE-787