CVE-2022-30790 — Out-of-bounds Write in U-boot

CWE-787 — Out-of-bounds Write11 documents8 sources

Severity

7.8HIGHNVD

OSV7.1OSV5.5

EPSS

0.3%

top 48.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Denx U-boot Debian U-boot Msrc Azl3 Qemu 8.2.0-16 ON Azure Linux 3.0 +1 more

Timeline

PublishedJun 8

Latest updateMar 31

Description

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/u-boot< u-boot 2022.07+dfsg-1 (bookworm)

▶Debiandenx/u-boot< 2021.01+dfsg-5+deb11u1+3

▶Ubuntudenx/u-boot< 2020.10+dfsg-1ubuntu0~18.04.3+2

▶NVDdenx/u-boot2022.01

▶msrcmsrc/azl3_qemu_8.2.0-16_on_azure_linux_3.0

🔴Vulnerability Details

OSV

u-boot-nezha vulnerability↗2023-11-29

▶

OSV

u-boot vulnerabilities↗2022-12-06

▶

GHSA

GHSA-mrg2-fqpf-5crp: Das U-Boot 2022↗2022-06-09

▶

OSV

CVE-2022-30790: Das U-Boot 2022↗2022-06-08

▶

📋Vendor Advisories

Ubuntu

u-boot-nezha vulnerability↗2023-11-29

▶

Ubuntu

U-Boot vulnerabilities↗2022-12-06

▶

Microsoft

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.↗2022-06-14

▶

Debian

CVE-2022-30790: u-boot - Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.↗2022

▶

📄Research Papers

arXiv

Attacker Control and Bug Prioritization↗2025-03-31

▶

arXiv

Attacker Control and Bug Prioritization↗2025-03-31

▶