Hi Tom/Sin Liang, On 27/02/2026 23:07, Tom Rini wrote: > On Fri, Feb 27, 2026 at 09:28:44PM +0000, Lee, Sin Liang wrote: > >> Thank you for the quick response. We will follow the submission guidelines >> for our fixes and attribution. >> In the meantime, would you be able to confirm the reported vulnerabilities >> on your side? That would help us make sure we are aligned on impact and >> scope as we finalize the fixes. > > I'm adding our networking custodian to the thread, for when he has time > to take a look. > >> Regards, >> Sin Liang
I have reviewed the submissions and believe the reported vulnerabilities are valid. However, I would question the C:H rating in all reports except UBOOT_NFS_OOB_READ. It is not clear to me how data could be disclosed in those cases, so a C:N rating may be more appropriate. I also have a few minor comments on the proposed patches, which can be addressed once the patches are submitted to the mailing list. Thanks, -- Jerome
