Vulnerability Details CVE-2022-34835
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
- https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
- https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
- https://github.com/u-boot/u-boot/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
- https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
- https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409
Products affected by CVE-2022-34835
-
cpe:2.3:a:denx:u-boot:-
-
cpe:2.3:a:denx:u-boot:0.2.0
-
cpe:2.3:a:denx:u-boot:0.2.3
-
cpe:2.3:a:denx:u-boot:0.3.0
-
cpe:2.3:a:denx:u-boot:0.3.1
-
cpe:2.3:a:denx:u-boot:0.4.0
-
cpe:2.3:a:denx:u-boot:0.4.1
-
cpe:2.3:a:denx:u-boot:0.4.2
-
cpe:2.3:a:denx:u-boot:0.4.3
-
cpe:2.3:a:denx:u-boot:0.4.4
-
cpe:2.3:a:denx:u-boot:0.4.5
-
cpe:2.3:a:denx:u-boot:0.4.6
-
cpe:2.3:a:denx:u-boot:0.4.7
-
cpe:2.3:a:denx:u-boot:0.4.8
-
cpe:2.3:a:denx:u-boot:1.0.0
-
cpe:2.3:a:denx:u-boot:1.0.1
-
cpe:2.3:a:denx:u-boot:1.0.2
-
cpe:2.3:a:denx:u-boot:1.1.0
-
cpe:2.3:a:denx:u-boot:1.1.1
-
cpe:2.3:a:denx:u-boot:1.1.2
-
cpe:2.3:a:denx:u-boot:1.1.3
-
cpe:2.3:a:denx:u-boot:1.1.4
-
cpe:2.3:a:denx:u-boot:1.1.5
-
cpe:2.3:a:denx:u-boot:1.1.6
-
cpe:2.3:a:denx:u-boot:1.2.0
-
cpe:2.3:a:denx:u-boot:1.3.0
-
cpe:2.3:a:denx:u-boot:1.3.1
-
cpe:2.3:a:denx:u-boot:1.3.3
-
cpe:2.3:a:denx:u-boot:1.3.4
-
cpe:2.3:a:denx:u-boot:2008.10
-
cpe:2.3:a:denx:u-boot:2009.01
-
cpe:2.3:a:denx:u-boot:2009.03
-
cpe:2.3:a:denx:u-boot:2009.06
-
cpe:2.3:a:denx:u-boot:2009.08
-
cpe:2.3:a:denx:u-boot:2009.11
-
cpe:2.3:a:denx:u-boot:2009.11.1
-
cpe:2.3:a:denx:u-boot:2010.03
-
cpe:2.3:a:denx:u-boot:2010.06
-
cpe:2.3:a:denx:u-boot:2010.09
-
cpe:2.3:a:denx:u-boot:2010.12
-
cpe:2.3:a:denx:u-boot:2011.03
-
cpe:2.3:a:denx:u-boot:2011.04.01
-
cpe:2.3:a:denx:u-boot:2011.06
-
cpe:2.3:a:denx:u-boot:2011.09
-
cpe:2.3:a:denx:u-boot:2011.12
-
cpe:2.3:a:denx:u-boot:2012.04
-
cpe:2.3:a:denx:u-boot:2012.04.01
-
cpe:2.3:a:denx:u-boot:2012.07
-
cpe:2.3:a:denx:u-boot:2012.10
-
cpe:2.3:a:denx:u-boot:2013.01
-
cpe:2.3:a:denx:u-boot:2013.01.01
-
cpe:2.3:a:denx:u-boot:2013.04
-
cpe:2.3:a:denx:u-boot:2013.07
-
cpe:2.3:a:denx:u-boot:2013.10
-
cpe:2.3:a:denx:u-boot:2014.01
-
cpe:2.3:a:denx:u-boot:2014.04
-
cpe:2.3:a:denx:u-boot:2014.07
-
cpe:2.3:a:denx:u-boot:2014.10
-
cpe:2.3:a:denx:u-boot:2015.01
-
cpe:2.3:a:denx:u-boot:2015.04
-
cpe:2.3:a:denx:u-boot:2015.07
-
cpe:2.3:a:denx:u-boot:2015.10
-
cpe:2.3:a:denx:u-boot:2016.01
-
cpe:2.3:a:denx:u-boot:2016.03
-
cpe:2.3:a:denx:u-boot:2016.05
-
cpe:2.3:a:denx:u-boot:2016.07
-
cpe:2.3:a:denx:u-boot:2016.09
-
cpe:2.3:a:denx:u-boot:2016.09.01
-
cpe:2.3:a:denx:u-boot:2016.11
-
cpe:2.3:a:denx:u-boot:2017.01
-
cpe:2.3:a:denx:u-boot:2017.03
-
cpe:2.3:a:denx:u-boot:2017.05
-
cpe:2.3:a:denx:u-boot:2017.07
-
cpe:2.3:a:denx:u-boot:2017.09
-
cpe:2.3:a:denx:u-boot:2017.11
-
cpe:2.3:a:denx:u-boot:2018.01
-
cpe:2.3:a:denx:u-boot:2018.03
-
cpe:2.3:a:denx:u-boot:2018.05
-
cpe:2.3:a:denx:u-boot:2018.07
-
cpe:2.3:a:denx:u-boot:2018.09
-
cpe:2.3:a:denx:u-boot:2018.11
-
cpe:2.3:a:denx:u-boot:2019.01
-
cpe:2.3:a:denx:u-boot:2019.04
-
cpe:2.3:a:denx:u-boot:2019.07
-
cpe:2.3:a:denx:u-boot:2019.10
-
cpe:2.3:a:denx:u-boot:2020.01
-
cpe:2.3:a:denx:u-boot:2020.04
-
cpe:2.3:a:denx:u-boot:2020.07
-
cpe:2.3:a:denx:u-boot:2020.10
-
cpe:2.3:a:denx:u-boot:2021.01
-
cpe:2.3:a:denx:u-boot:2021.04
-
cpe:2.3:a:denx:u-boot:2022.01
-
cpe:2.3:a:denx:u-boot:2022.04
-
cpe:2.3:a:denx:u-boot:2022.07