On 11/21/22 18:34, Tom Rini wrote:
On Thu, Nov 03, 2022 at 09:37:48AM +0530, Venkatesh Yadav Abbarapu wrote:
DFU implementation does not bound the length field in USB
DFU download setup packets, and it does not verify that
the transfer direction. Fixing the length and transfer
direction.
CVE-2022-2347
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbar...@amd.com>
Reviewed-by: Marek Vasut <ma...@denx.de>
Applied to u-boot/master, thanks!
So this breaks DFU support in SPL as I just found out.
Any idea why ?
