CVE-2022-30767: Classic Buffer Overflow in U-boot

Severity

NVD: 9.8 CRITICAL
OSV: 7.1
EPSS: 0.1% (top 64.53%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: May 16
Latest update: Dec 6

Description

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

debian | debian/u-boot | < u-boot 2022.07+dfsg-1 (bookworm)
Debian | denx/u-boot | < 2021.01+dfsg-5+deb11u1 +3
Ubuntu | denx/u-boot | < 2020.10+dfsg-1ubuntu0~18.04.3 +2
NVD | denx/u-boot | 2022.04 +1

Also affects: Fedora 36

🔴 Vulnerability Details (3)

OSV (2022-12-06): u-boot vulnerabilities
GHSA (2022-05-17): GHSA-27g3-5ffj-8mw8: nfs_lookup_reply in net/nfs
OSV (2022-05-16): CVE-2022-30767: nfs_lookup_reply in net/nfs

📋 Vendor Advisories (3)

Ubuntu (2022-12-06): U-Boot vulnerabilities
Microsoft (2022-05-10): nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because
Debian (2022): CVE-2022-30767: u-boot - nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07...