openEuler Security Advisory: openEuler-SA-2024-2186
Title: uboot-tools security update
An update for uboot-tools is now available for openEuler-22.03-LTS-SP3.

Publisher: openEuler security committee (openeuler-security@openeuler.org)
Status: Final
Version: 1.0
Initial release date: 2024-09-27
Current release date: 2024-09-27
Revision history: 1.0 (2024-09-27) Initial
Generator: openEuler SA Tool V1.0, 2024-09-27
Severity: High

Description:
This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment.

Security Fix(es):
There is an unchecked length field in U-Boot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, a physical attacker who crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes can write beyond the heap-allocated request buffer. (CVE-2022-2347)

openEuler Security has rated this update as having a security impact of High. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Note for deployers: the vulnerable code is the USB DFU gadget inside the U-Boot binary itself, not the mkimage or fw_setenv host tools. The fix therefore takes effect on a board only once it boots a U-Boot image built from the updated source (the uboot-images-* packages listed below), and the gadget is only exposed while U-Boot has been put into DFU mode over USB. After updating, confirm the installed packages are at release 2021.10-8.oe2203sp3 or later.

References:
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2186
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-2347
https://nvd.nist.gov/vuln/detail/CVE-2022-2347

Affected product: openEuler-22.03-LTS-SP3

Fixed packages (openEuler-22.03-LTS-SP3):
  noarch:
    uboot-images-armv8-2021.10-8.oe2203sp3.noarch.rpm
    uboot-tools-help-2021.10-8.oe2203sp3.noarch.rpm
  aarch64:
    uboot-images-elf-2021.10-8.oe2203sp3.aarch64.rpm
    uboot-tools-2021.10-8.oe2203sp3.aarch64.rpm
    uboot-tools-debuginfo-2021.10-8.oe2203sp3.aarch64.rpm
    uboot-tools-debugsource-2021.10-8.oe2203sp3.aarch64.rpm
  src:
    uboot-tools-2021.10-8.oe2203sp3.src.rpm
  x86_64:
    uboot-tools-2021.10-8.oe2203sp3.x86_64.rpm
    uboot-tools-debuginfo-2021.10-8.oe2203sp3.x86_64.rpm
    uboot-tools-debugsource-2021.10-8.oe2203sp3.x86_64.rpm

Vulnerability: CVE-2022-2347
  Title: uboot-tools security update
  Release date: 2024-09-27
  Product: openEuler-22.03-LTS-SP3
  Severity: High
  CVSS v3 base score: 7.1 (AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Description: see Security Fix(es) above (unchecked `wLength` and unverified transfer direction in the U-Boot DFU download setup-packet handling).
  Remediation: https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2186
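The two checks the Security Fix(es) paragraph describes, shown as an added example in C. This is not U-Boot's own code nor the openEuler patch: the `usb_request` stand-in, the `dfu_*` function names and the three constructed 8-byte setup packets are assumptions made for illustration. Only the USB setup-packet layout, the DFU_DNLOAD/DFU_UPLOAD request codes and the 4096-byte buffer size from the advisory are taken as given. The unchecked handler queues whatever `wLength` the host sent as the data-stage length; the checked handler bounds it by the real buffer size and rejects a download request whose direction bit says device-to-host.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define USB_BUFSIZ          4096   /* request buffer size; the 4096-byte bound named in the advisory */
#define USB_DIR_IN          0x80   /* bRequestType bit 7 set: device-to-host transfer */
#define USB_REQ_DFU_DNLOAD  1      /* DFU 1.1 class request codes */
#define USB_REQ_DFU_UPLOAD  2

struct usb_ctrlrequest {           /* decoded 8-byte USB setup packet */
    uint8_t  bRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;
};

struct usb_request {               /* hypothetical stand-in for the gadget stack's control request */
    uint8_t *buf;                  /* heap buffer of buf_size bytes */
    size_t   buf_size;
    size_t   length;               /* bytes the controller will write into buf during the data stage */
};

/* Constructed setup packets: bRequestType 0x21 = OUT|class|interface, 0xa1 = IN|class|interface. */
static const uint8_t DFU_PKT_BENIGN[8]   = { 0x21, USB_REQ_DFU_DNLOAD, 0, 0, 0, 0, 0x00, 0x04 }; /* wLength 1024 */
static const uint8_t DFU_PKT_OVERSIZE[8] = { 0x21, USB_REQ_DFU_DNLOAD, 0, 0, 0, 0, 0x00, 0x20 }; /* wLength 8192 */
static const uint8_t DFU_PKT_WRONGDIR[8] = { 0xa1, USB_REQ_DFU_DNLOAD, 0, 0, 0, 0, 0x00, 0x04 }; /* IN bit on a download */

/* Decode the raw setup packet; multi-byte fields are little-endian on the wire. */
static void dfu_parse_setup(const uint8_t raw[8], struct usb_ctrlrequest *ctrl)
{
    ctrl->bRequestType = raw[0];
    ctrl->bRequest     = raw[1];
    ctrl->wValue       = (uint16_t)(raw[2] | (raw[3] << 8));
    ctrl->wIndex       = (uint16_t)(raw[4] | (raw[5] << 8));
    ctrl->wLength      = (uint16_t)(raw[6] | (raw[7] << 8));
}

/* Vulnerable shape: wLength is trusted and becomes the data-stage length, up to 65535 bytes into a 4096-byte buffer. */
static int dfu_dnload_unchecked(struct usb_request *req, const struct usb_ctrlrequest *ctrl)
{
    req->length = ctrl->wLength;
    return (int)req->length;
}

/* Hardened shape: bound wLength by the real buffer size and require the direction the command implies.
 * Returns the length queued, or -EINVAL for a malformed packet. */
static int dfu_setup_checked(struct usb_request *req, const struct usb_ctrlrequest *ctrl)
{
    int dir_in = (ctrl->bRequestType & USB_DIR_IN) != 0;

    if (ctrl->wLength > req->buf_size)
        return -EINVAL;            /* data stage would overrun req->buf */

    switch (ctrl->bRequest) {
    case USB_REQ_DFU_DNLOAD:       /* firmware download is host-to-device; an IN direction is malformed */
        if (dir_in)
            return -EINVAL;
        break;
    case USB_REQ_DFU_UPLOAD:       /* upload is device-to-host */
        if (!dir_in)
            return -EINVAL;
        break;
    default:
        return -EINVAL;
    }
    req->length = ctrl->wLength;
    return (int)req->length;
}

/* Length the unchecked handler would queue for these raw bytes (no buffer is touched). */
static int dfu_unchecked_len(const uint8_t raw[8])
{
    struct usb_ctrlrequest ctrl;
    struct usb_request req = { .buf = NULL, .buf_size = USB_BUFSIZ, .length = 0 };
    dfu_parse_setup(raw, &ctrl);
    return dfu_dnload_unchecked(&req, &ctrl);
}

/* Runs the checked handler against a fresh USB_BUFSIZ buffer and returns its verdict. */
static int dfu_check_raw(const uint8_t raw[8])
{
    struct usb_ctrlrequest ctrl;
    struct usb_request req = { .buf = NULL, .buf_size = USB_BUFSIZ, .length = 0 };
    int rc;

    req.buf = calloc(USB_BUFSIZ, 1);
    if (!req.buf)
        return -ENOMEM;
    dfu_parse_setup(raw, &ctrl);
    rc = dfu_setup_checked(&req, &ctrl);
    free(req.buf);
    return rc;
}

int main(void)
{
    printf("benign:   unchecked=%d checked=%d\n", dfu_unchecked_len(DFU_PKT_BENIGN),   dfu_check_raw(DFU_PKT_BENIGN));
    printf("oversize: unchecked=%d checked=%d\n", dfu_unchecked_len(DFU_PKT_OVERSIZE), dfu_check_raw(DFU_PKT_OVERSIZE));
    printf("wrongdir: unchecked=%d checked=%d\n", dfu_unchecked_len(DFU_PKT_WRONGDIR), dfu_check_raw(DFU_PKT_WRONGDIR));
    return 0;
}
```

The unchecked path happily queues 8192 bytes for a 4096-byte buffer, which is exactly the overrun the advisory describes; the checked path returns -EINVAL for both the oversized length and the mismatched direction while still accepting the 1024-byte download. When auditing a gadget-side handler, check that the bound is taken from the buffer's real allocation size rather than a separate constant that can drift.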