USN-6523-1: u-boot-nezha vulnerability
29 November 2023
Several security issues were fixed in u-boot-nezha.
Releases
Packages
- u-boot-nezha - U-Boot for Allwinner Nezha board
Details
It was discovered that U-Boot incorrectly handled certain USB DFU download
setup packets. A local attacker could use this issue to cause U-Boot to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-2347)
Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled
certain fragmented IP packets. A local attacker could use this issue to
cause U-Boot to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-30552, CVE-2022-30790)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 23.04
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.