27 May
2022
27 May
'22
3:30 p.m.
On Wed, May 18, 2022 at 04:30:08PM +0000, Andrea zi0Black Cappa wrote:
This patch mitigates the vulnerability identified via CVE-2019-14196. The previous patch was bypassed/ineffective, and now the vulnerability is identified via CVE-2022-30767. The patch removes the sanity check introduced to mitigate CVE-2019-14196 since it's ineffective. filefh3_length is changed to unsigned type integer, preventing negative numbers from being used during comparison with positive values during size sanity checks.
Signed-off-by: Andrea zi0Black Cappa zi0Black@protonmail.com
Applied to u-boot/master, thanks!
--
Tom