PT-2022-2808 · U-Boot+5

Published: 2022-04-07 · Updated: 2025-05-01 · CVE-2022-30790

CVSS v2.0: 8.3 (High)

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

U-Boot version 2022.01

Description

The issue is a buffer overflow in the CONFIG_IP_DEFRAG function, which is responsible for IP packet defragmentation in U-Boot bootloaders for Linux-based embedded operating systems. It is caused by errors in handling input data, which make it possible to write beyond buffer boundaries. By sending a specially crafted IP packet, a remote attacker could exploit this issue to overwrite metadata and gain access to the operating system with superuser privileges.

Recommendations

For U-Boot version 2022.01, there is currently no information about a newer version that contains a fix for this issue.

Exploit

Fix

RCE

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1646
BDU:2022-03345
BDU:2022-03346
CVE-2022-30790
DLA-4150-1
OPENSUSE-SU-2022_2053-1
OPENSUSE-SU-2022_2056-1
SUSE-SU-2022:2052-1
SUSE-SU-2022:2053-1
SUSE-SU-2022:2054-1
SUSE-SU-2022:2055-1
SUSE-SU-2022:2056-1
SUSE-SU-2022:2057-1
SUSE-SU-2022:2058-1
SUSE-SU-2022:2584-1
SUSE-SU-2022_2052-1
SUSE-SU-2022_2053-1
SUSE-SU-2022_2054-1
SUSE-SU-2022_2055-1
SUSE-SU-2022_2056-1
SUSE-SU-2022_2057-1
SUSE-SU-2022_2058-1
SUSE-SU-2022_2584-1
USN-5764-1
USN-6523-1

Affected Products

Alt Linux
Debian
Linuxmint
Suse
U-Boot
Ubuntu