CVE-2022-34835
Description
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the corruption of the return address pointer of the do_i2c_md function.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.309
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.01+dfsg-2ubuntu2.3_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.07+dfsg-1ubuntu4.2_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2020.10+dfsg-1ubuntu0~18.04.3_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2021.01+dfsg-3ubuntu0~20.04.5_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.01+dfsg-2ubuntu2.3_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.07+dfsg-1ubuntu4.2_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2020.10+dfsg-1ubuntu0~18.04.3_i386.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2020.10+dfsg-1ubuntu0~18.04.3_amd64.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2021.01+dfsg-3ubuntu0~20.04.5_amd64.deb | Linux |
| SUSE-SU-2022:2653-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) u-boot-tools-2021.01-150300.7.15.1.x86_64.rpm | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-qemu_2022.07+dfsg-1ubuntu4.2_all.deb | Linux |
| A boot loader for embedded systems (USN-5764-1) u-boot-tools_2022.07+dfsg-1ubuntu4.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234