CVE-2022-30767

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions U-Boot versions through 2022.04 U-Boot versions through 2022.07-rc2

Description The issue is related to the nfs lookup reply function in net/nfs.c, which is part of the U-Boot bootloader for Linux-based embedded operating systems. It involves a buffer copy operation without proper input size validation, potentially leading to a buffer overflow. This could allow an attacker to execute arbitrary code.

Recommendations For U-Boot versions through 2022.04, update to a version that includes a correct fix for the issue. For U-Boot versions through 2022.07-rc2, update to a version that includes a correct fix for the issue. As a temporary workaround, consider restricting access to the nfs lookup reply function in net/nfs.c to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2022-2236

ALT-PU-2023-4892

BDU:2023-06308

CVE-2022-30767

DLA-4150-1

OESA-2022-1978

OPENSUSE-SU-2022_2053-1

SUSE-SU-2022:2052-1

SUSE-SU-2022:2053-1

SUSE-SU-2022:2054-1

USN-5764-1

Affected Products

Alt Linux

Debian

Linuxmint

Suse

U-Boot

Ubuntu

CVE-2022-30767

Weakness Enumeration

Related Identifiers

Affected Products

References · 43