CVE-2022-2347
HIGHU-Boot 2012.10-2022.07 - Heap-based Buffer Overflow via USB DFU Download Setup Packet
Title source: llmDescription
There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.
References (3)
Core 3
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/oss-sec/2022/q3/41
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-577017.html
Scores
CVSS v3
7.7
EPSS
0.0058
EPSS Percentile
43.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-122
CWE-787
Status
published
Products (2)
denx/u-boot
2012.10 - 2022.07
Uboot/Uboot
unspecified - 2022.07
Published
Sep 23, 2022
Tracked Since
Feb 18, 2026