Several security issues were fixed in u-boot-nezha.
Software Description:
- u-boot-nezha: U-Boot for Allwinner Nezha board
Details:
It was discovered that U-Boot incorrectly handled certain USB DFU download
setup packets. A local attacker could use this issue to cause U-Boot to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-2347)
Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled
certain fragmented IP packets. A local attacker could use this issue to
cause U-Boot to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2022-30552, CVE-2022-30790)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: u-boot-nezha 2022.10-1089-g528ae9bc6c-0ubuntu1.23.04.2 Ubuntu 22.04 LTS: u-boot-nezha 2022.04+git20220405.7446a472-0ubuntu0.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6523-1
CVE-2022-2347, CVE-2022-30552, CVE-2022-30790
Get the latest Linux and open source security news straight to your inbox.