USN-6523-1: u-boot-nezha vulnerability
29 November 2023
Several security issues were fixed in u-boot-nezha.
Releases
Packages
- u-boot-nezha - U-Boot for Allwinner Nezha board
Details
It was discovered that U-Boot incorrectly handled certain USB DFU download
setup packets. A local attacker could use this issue to cause U-Boot to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-2347)
Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled
certain fragmented IP packets. A local attacker could use this issue to
cause U-Boot to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-30552, CVE-2022-30790)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5764-1: u-boot, u-boot-mvebu, u-boot-rpi, u-boot-rockchip, u-boot-tools, u-boot-omap, u-boot-qcom, u-boot-sifive, u-boot-exynos, u-boot-amlogic, u-boot-imx, u-boot-microchip, u-boot-qemu, u-boot-tegra, u-boot-sunxi, u-boot-stm32