CVE-2022-34835Out-of-bounds Write in U-boot

CWE-787Out-of-bounds Write8 documents7 sources
Severity
9.8CRITICALNVD
OSV7.1
EPSS
0.4%
top 38.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Denx U-bootDebian U-bootMsrc Azl3 Qemu 8.2.0-16 ON Azure Linux 3.0+1 more
Timeline
PublishedJun 30
Latest updateJul 4

Description

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

NVDdenx/u-boot< 2022.07+1
debiandebian/u-boot< u-boot 2022.07+dfsg-1 (bookworm)
Debiandenx/u-boot< 2021.01+dfsg-5+deb11u1+3
Ubuntudenx/u-boot< 2020.10+dfsg-1ubuntu0~18.04.3+2

Patches

Patch: github.comPatch: lists.denx.dePatch: source.denx.de

🔴Vulnerability Details

3
OSV
u-boot vulnerabilities2022-12-06
GHSA
GHSA-9gfq-p9vq-r563: In Das U-Boot through 20222022-07-01
OSV
CVE-2022-34835: In Das U-Boot through 20222022-06-30

📋Vendor Advisories

3
Ubuntu
U-Boot vulnerabilities2022-12-06
Microsoft
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md f2022-06-14
Debian
CVE-2022-34835: u-boot - In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant sta...2022

📄Research Papers

1
arXiv
On the Verification of Control Flow Attestation Evidence2025-07-04