CVE-2022-33103: Out-of-bounds Write in U-Boot

Severity: 7.8 HIGH (NVD); 7.1 (OSV)
EPSS: 0.1% (top 80.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 1; Latest update Dec 6

Description

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

NVD: denx/u-boot 2020.10 2022.07 +1
debian: debian/u-boot < u-boot 2022.07+dfsg-1 (bookworm)
Debian: denx/u-boot < 2021.01+dfsg-5+deb11u1 +3
Ubuntu: denx/u-boot < 2020.10+dfsg-1ubuntu0~18.04.3 +2

🔴 Vulnerability Details (3)

OSV
u-boot vulnerabilities (2022-12-06)
GHSA
GHSA-cxwr-rc7w-x3fr: Das U-Boot from v2020 (2022-07-02)
OSV
CVE-2022-33103: Das U-Boot from v2020 (2022-07-01)

📋 Vendor Advisories (3)

Ubuntu
U-Boot vulnerabilities (2022-12-06)
Microsoft
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). (2022-07-12)
Debian
CVE-2022-33103: u-boot - Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bou... (2022)