Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-33967

Published: 20 July 2022

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
u-boot
Launchpad, Ubuntu, Debian
bionic
Released (2020.10+dfsg-1ubuntu0~18.04.3)
focal
Released (2021.01+dfsg-3ubuntu0~20.04.5)
impish Ignored
(reached end-of-life)
jammy
Released (2022.01+dfsg-2ubuntu2.3)
kinetic Not vulnerable
(2022.07+dfsg-1ubuntu4)
trusty Ignored
(out of standard support)
upstream Needs triage

xenial Needs triage

Patches:
upstream: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44