CVE-2022-33967
Ubuntu Security Notice USN-5764-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
Una implementación del sistema de archivos squashfs de las versiones de U-Boot versiones desde la v2020.10-rc2 hasta v2022.07-rc5, contiene una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria debido a un defecto en el proceso de lectura de metadatos. La carga de una imagen squashfs especialmente diseñada puede conllevar a una condición de Denegación de Servicio (DoS) o una ejecución de código arbitrario
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-06-29 CVE Reserved
- 2022-07-20 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU97846460/index.html | Third Party Advisory | |
| https://www.denx.de/project/u-boot | Product |
| URL | Date | SRC |
|---|---|---|
| https://lists.denx.de/pipermail/u-boot/2022-June/487467.html | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 | 2022-08-02 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2020.10 Search vendor "Denx" for product "U-boot" and version "2020.10" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2020.10 Search vendor "Denx" for product "U-boot" and version "2020.10" | rc3 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2020.10 Search vendor "Denx" for product "U-boot" and version "2020.10" | rc4 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2020.10 Search vendor "Denx" for product "U-boot" and version "2020.10" | rc5 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | - |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | rc1 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | rc3 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | rc4 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.01 Search vendor "Denx" for product "U-boot" and version "2021.01" | rc5 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.04 Search vendor "Denx" for product "U-boot" and version "2021.04" | rc1 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2021.04 Search vendor "Denx" for product "U-boot" and version "2021.04" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.01 Search vendor "Denx" for product "U-boot" and version "2022.01" | - |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.01 Search vendor "Denx" for product "U-boot" and version "2022.01" | rc1 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.01 Search vendor "Denx" for product "U-boot" and version "2022.01" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.01 Search vendor "Denx" for product "U-boot" and version "2022.01" | rc3 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.01 Search vendor "Denx" for product "U-boot" and version "2022.01" | rc4 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | - |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | rc1 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | rc3 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | rc4 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.04 Search vendor "Denx" for product "U-boot" and version "2022.04" | rc5 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.07 Search vendor "Denx" for product "U-boot" and version "2022.07" | rc1 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.07 Search vendor "Denx" for product "U-boot" and version "2022.07" | rc2 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.07 Search vendor "Denx" for product "U-boot" and version "2022.07" | rc3 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.07 Search vendor "Denx" for product "U-boot" and version "2022.07" | rc4 |
Affected
| ||||||
| Denx Search vendor "Denx" | U-boot Search vendor "Denx" for product "U-boot" | 2022.07 Search vendor "Denx" for product "U-boot" and version "2022.07" | rc5 |
Affected
| ||||||