UBUNTU-CVE-2022-2347

Source
https://ubuntu.com/security/CVE-2022-2347
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-2347.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-2347
Published
2022-09-23T13:15:00Z
Modified
2024-10-15T14:09:47Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
[none]
Details

There exists an unchecked length field in U-Boot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a wLength greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

Affected packages

Ubuntu:Pro:16.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2015.*

2015.04+dfsg1-2ubuntu1
2015.10+dfsg1-2
2015.10+dfsg1-3
2015.10+dfsg1-4

2016.*

2016.01+dfsg1-1
2016.01+dfsg1-1ubuntu1
2016.01+dfsg1-2ubuntu1
2016.01+dfsg1-2ubuntu2
2016.01+dfsg1-2ubuntu3
2016.01+dfsg1-2ubuntu5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2020.10+dfsg-1ubuntu0~18.04.3

Affected versions

2016.*

2016.03+dfsg1-6ubuntu2

2018.*

2018.07~rc3+dfsg1-0ubuntu1~18.04.1
2018.07~rc3+dfsg1-0ubuntu2~18.04.1
2018.07~rc3+dfsg1-0ubuntu3~18.04.1

2019.*

2019.07+dfsg-1ubuntu4~18.04.1

2020.*

2020.10+dfsg-1ubuntu0~18.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-amlogic"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-exynos"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-imx"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-mvebu"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-omap"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-qcom"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-qemu"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-rockchip"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-rpi"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-sunxi"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-tegra"
        },
        {
            "binary_version": "2020.10+dfsg-1ubuntu0~18.04.3",
            "binary_name": "u-boot-tools"
        }
    ]
}

Ubuntu:20.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2021.01+dfsg-3ubuntu0~20.04.5

Affected versions

2019.*

2019.07+dfsg-1ubuntu3
2019.07+dfsg-1ubuntu5
2019.07+dfsg-1ubuntu6

2020.*

2020.10+dfsg-1ubuntu0~20.04.2

2021.*

2021.01+dfsg-3ubuntu0~20.04.1
2021.01+dfsg-3ubuntu0~20.04.3
2021.01+dfsg-3ubuntu0~20.04.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-amlogic"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-exynos"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-imx"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-mvebu"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-omap"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-qcom"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-qemu"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-rockchip"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-rpi"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-sifive"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-sunxi"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-tegra"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-tools"
        },
        {
            "binary_version": "2021.01+dfsg-3ubuntu0~20.04.5",
            "binary_name": "u-boot-tools-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / u-boot

Package

Name
u-boot
Purl
pkg:deb/ubuntu/u-boot?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2022.01+dfsg-2ubuntu2.3

Affected versions

2021.*

2021.07+dfsg-0ubuntu8
2021.07+dfsg-0ubuntu9
2021.07+dfsg-0ubuntu10

2022.*

2022.01+dfsg-2ubuntu1
2022.01+dfsg-2ubuntu2
2022.01+dfsg-2ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-amlogic"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-amlogic-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-exynos"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-exynos-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-imx"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-imx-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-microchip"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-mvebu"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-omap"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-omap-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-qcom"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-qcom-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-qemu"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-rockchip"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-rockchip-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-rpi"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-rpi-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-sifive"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-sifive-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-sunxi"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-sunxi-dbgsym"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-tegra"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-tools"
        },
        {
            "binary_version": "2022.01+dfsg-2ubuntu2.3",
            "binary_name": "u-boot-tools-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2022.04+git20220405.7446a472-0ubuntu0.4

Affected versions

2021.*

2021.09+git20211008.62392d3-0ubuntu1

2022.*

2022.04+git20220405.7446a472-0ubuntu0.1
2022.04+git20220405.7446a472-0ubuntu0.2
2022.04+git20220405.7446a472-0ubuntu0.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2022.04+git20220405.7446a472-0ubuntu0.4",
            "binary_name": "u-boot-nezha"
        }
    ]
}

Ubuntu:24.10 / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu2
2024.01~rc1-190-g2e89b706f5-0ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / u-boot-nezha

Package

Name
u-boot-nezha
Purl
pkg:deb/ubuntu/u-boot-nezha?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2022.*

2022.10-1089-g528ae9bc6c-0ubuntu2

2024.*

2024.01~rc1-190-g2e89b706f5-0ubuntu1
2024.01~rc1-190-g2e89b706f5-0ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}