Vulnerability Name:

CVE-2022-33103 (CCN-230300)

Assigned: 2022-06-09
Published: 2022-06-09
Updated: 2022-07-15
Summary: Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-787
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2022-33103

Source: XF
Type: UNKNOWN
denx-cve202233103-code-exec(230300)

Source: CCN
Type: Lore Kernel Web site
[PATCH v2] fs/squashfs: sqfs_read: Prevent arbitrary code execution

Source: MISC
Type: Exploit, Mailing List, Patch, Third Party Advisory
https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/

Source: MISC
Type: Exploit, Mailing List, Patch, Third Party Advisory
https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/

Source: CCN
Type: DENX Web site
Das U-Boot

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-33103

Vulnerable Configuration: Configuration 1:
  • cpe:/a:denx:u-boot:2022.07:rc2:*:*:*:*:*:*
  • OR cpe:/a:denx:u-boot:2022.07:rc1:*:*:*:*:*:*
  • OR cpe:/a:denx:u-boot:2022.07:rc3:*:*:*:*:*:*
  • OR cpe:/a:denx:u-boot:*:*:*:*:*:*:*:* (Version >= 2020.10 and < 2022.07)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:7820 | P | u-boot-rpiarm64-2021.10-150400.4.11.1 on GA media (Moderate) | 2023-06-12
    oval:org.opensuse.security:def:704 | P | Security update for u-boot (Important) | 2022-08-22
    oval:org.opensuse.security:def:3649 | P | Security update for u-boot (Important) (in QA) | 2022-08-04
    oval:org.opensuse.security:def:95279 | P | Security update for u-boot (Important) (in QA) | 2022-08-04
    denx u-boot 2022.07 rc2
    denx u-boot 2022.07 rc1
    denx u-boot 2022.07 rc3
    denx u-boot *