CVE-2022-30767

NameCVE-2022-30767
Descriptionnfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1014471

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
u-boot (PTS)buster2019.01+dfsg-7fixed
bullseye2021.01+dfsg-5vulnerable
bookworm2022.04+dfsg-2vulnerable
sid2022.10+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
u-bootsourceexperimental2022.07~rc4+dfsg-1
u-bootsourcestretch(not affected)
u-bootsourcebuster(not affected)
u-bootsource(unstable)2022.07+dfsg-11014471

Notes

[bullseye] - u-boot <ignored> (Minor issue)
[buster] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
[stretch] - u-boot <not-affected> (Incorrect fix for CVE-2019-14196 not applied)
Introduced by: https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96 (v2019.10-rc4)
https://lists.denx.de/pipermail/u-boot/2022-May/483952.html
https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/
Issue exists because of an incorrect fix for CVE-2019-14196.
Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80 (v2022.07-rc4)

Search for package or bug name: Reporting problems