21 Nov
2024
21 Nov
'24
12:36 p.m.
On Thu 2024-11-14 08:56:36, Tom Rini wrote:
On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures@trendmicro.com wrote:
Hi, Do you have any updates to share regarding this vulnerability report?
Michal, microblaze-generic is the most active platform that enables FS_JFFS2 by default and so vulnerable here. Can you find some resources to look in to fixing this please? Thanks.
Is that a real vulnerability?
If you can write to raw flash, you can also replace u-boot, no need to to corrupt jffs...
Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.