Hi Tom, Hi Stefan,
On Thu, Nov 14, 2024 at 8:33 AM Tom Rini trini@konsulko.com wrote:
On Thu, Nov 14, 2024 at 04:07:15PM +0100, Michal Simek wrote:
Hi,
On 11/14/24 15:56, Tom Rini wrote:
On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures@trendmicro.com wrote:
Hi, Do you have any updates to share regarding this vulnerability report?
Michal, microblaze-generic is the most active platform that enables FS_JFFS2 by default and so vulnerable here. Can you find some resources to look in to fixing this please? Thanks.
We have actually discussed this recently and we have other issues with jffs2 and not going to fix it or recommend to use it. JFFS2 should be removed from our configs and it is also not under our regression.
Ah OK, thanks. Adding a few more maintainers now then.
Does this affect only boards that explicitly use CMD_JFFS2? how about boards that have not been converted to bootstd and still use "nand read" like this:
include/configs/openrd.h
#define CFG_EXTRA_ENV_SETTINGS "x_bootargs=console=ttyS0,115200 " \ CONFIG_MTDPARTS_DEFAULT " rw ubi.mtd=2,2048\0" \ "x_bootcmd_kernel=nand read 0x6400000 0x100000 0x300000\0" \
All the best, Tony