[PATCH] usb: gadget: dfu: Fix the unchecked length field
DFU implementation does not bound the length field in USB
DFU download setup packets, and it does not verify that
the transfer direction. Fixing the length and transfer
direction.
CVE-2022-2347
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>
Reviewed-by: Marek Vasut <marex@denx.de>
Note (<dleidert>: I'm not sure if this patch should be applied as well:
https://source.denx.de/u-boot/u-boot/-/commit/
86b6a38863bebb70a65a53f93a1ffafc4a472169
It is not related to the issue, though.
Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://source.denx.de/u-boot/u-boot/-/commit/
fbce985e28eaca3af82afecc11961aadaf971a7e
Bug: https://www.openwall.com/lists/oss-security/2022/07/08/2
Bug-Debian: https://bugs.debian.org/
1014959
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-2347
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2022-2347
Gbp-Pq: Name CVE-2022-2347.patch
projects / u-boot.git / commit