On Tue, Jul 23, 2019 at 1:09 AM FermÃn Serna fermin@semmle.com wrote:
Hello,
Find attached more information about 13 vulnerabilities we found at U-Boot and its NFS and networking code. Also, find attached a proposed quick patch that should serve as a first initial one and should probably go through iterations of code review.
Please note, these vulnerabilities are not patched yet at the source repository. Tom Rini (U-boot's master custodian) requested the attached report to be published at this mailing list. At this time, and because of this email, we consider these vulnerabilities public.
Would you mind sending the patch again as plain text mail so it can undergo a proper review process on this list?
Regards, Simon
For reference, MITRE has issued CVEs for the vulnerabilities: CVE-2019-14192, CVE-2019-14193, CVE-2019-14194, CVE-2019-14195, CVE-2019-14196, CVE-2019-14197, CVE-2019-14198, CVE-2019-14199, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204
Best regards,
Fermin Semmle Security Research Team _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot