Two security vulnerabilities, CVE-2022-30790 and CVE-2022-30552, were discovered in U-Boot, a popular boot loader for embedded systems.
The loader supports many architectures and is present in most Linux-based embedded systems, including ChromeOS and Android devices. Both vulnerabilities reside in its IP defragmentation code.
It should be noted that the development of U-Boot is “closely related to Linux”. According to the project’s GitHub page, some parts of its source code originate in the Linux source tree, and the two projects share some header files.
CVE-2022-30790 and CVE-2022-30552
The vulnerabilities could be leveraged in arbitrary out-of-bounds write attacks, as well as denial-of-service attack scenarios:
- Technical Advisory – Hole Descriptor Overwrite in U-Boot IP Packet Defragmentation Leads to Arbitrary Out of Bounds Write Primitive (CVE-2022-30790);
- Technical Advisory – Large buffer overflow leads to DoS in U-Boot IP Packet Defragmentation Code (CVE-2022-30552).
CVE-2022-30790 affects the U-Boot implementation of RFC 815 (IP Datagram Reassembly Algorithms), which is susceptible to a hole descriptor overwrite attack that ultimately yields an arbitrary write primitive.
CVE-2022-30552 can lead to a buffer overflow through a specially crafted fragmented IP datagram with an invalid total length, resulting in a denial of service.
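Both issues come down to the reassembly code trusting the offset and length fields of incoming fragments. The following is an added illustration, not U-Boot's code and not taken from the advisories: a minimal RFC 815-style reassembler that keeps its hole descriptors in a separate table instead of inside the reassembly buffer (RFC 815 stores them in the holes themselves, which is what makes a descriptor overwrite possible), and that rejects any fragment whose offset and length would write outside the buffer or beyond the total length announced by the last fragment. The buffer size `MAX_DATAGRAM`, the hole-table size `MAX_HOLES` and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Constructed limits for this example; not U-Boot's values. */
#define MAX_DATAGRAM 8192
#define MAX_HOLES    32

/* Inclusive byte range that is still missing from the datagram. */
struct hole { uint16_t first; uint16_t last; };

struct reasm {
    uint8_t     data[MAX_DATAGRAM];  /* reassembly buffer, payload bytes only */
    struct hole holes[MAX_HOLES];    /* out-of-band hole descriptors */
    int         nholes;
    int         total_len;           /* -1 until the last fragment announces it */
};

void reasm_init(struct reasm *r)
{
    memset(r, 0, sizeof *r);
    r->holes[0].first = 0;
    r->holes[0].last  = MAX_DATAGRAM - 1;   /* one hole covering everything */
    r->nholes = 1;
    r->total_len = -1;
}

/* Validate a fragment before it touches the buffer, then update the hole list.
 * off: byte offset of the fragment, len: payload length, more: "more fragments" flag.
 * Returns 0 when accepted, a negative code when rejected. */
int reasm_add(struct reasm *r, unsigned off, unsigned len, bool more, const uint8_t *payload)
{
    /* Reject anything that would write past the buffer (checked without overflow). */
    if (len == 0 || off > MAX_DATAGRAM || len > MAX_DATAGRAM - off)
        return -1;
    unsigned end = off + len;               /* exclusive end of this fragment */

    if (!more) {                            /* last fragment fixes the total length */
        if (r->total_len >= 0 && (unsigned)r->total_len != end)
            return -2;                      /* two last fragments disagree on the length */
        r->total_len = (int)end;
    }
    /* No fragment may extend beyond the announced total length. */
    if (r->total_len >= 0 && end > (unsigned)r->total_len)
        return -3;

    /* Rebuild the hole list: every hole overlapping [off, end) is split or shrunk. */
    struct hole next[MAX_HOLES];
    int n = 0;
    for (int i = 0; i < r->nholes; i++) {
        struct hole h = r->holes[i];
        if (end <= h.first || off > h.last) {           /* no overlap: keep as is */
            if (n == MAX_HOLES) return -4;
            next[n++] = h;
            continue;
        }
        if (off > h.first) {                            /* part of the hole before the fragment */
            if (n == MAX_HOLES) return -4;
            next[n++] = (struct hole){ h.first, (uint16_t)(off - 1) };
        }
        if (end <= h.last && more) {                    /* part after it; none past the last fragment */
            if (n == MAX_HOLES) return -4;
            next[n++] = (struct hole){ (uint16_t)end, h.last };
        }
    }
    memcpy(r->holes, next, (size_t)n * sizeof next[0]);
    r->nholes = n;

    /* Only now, with the bounds proven, copy the payload in. */
    memcpy(r->data + off, payload, len);
    return 0;
}

/* The datagram is complete once the last fragment was seen and no hole remains. */
bool reasm_complete(const struct reasm *r)
{
    return r->total_len >= 0 && r->nholes == 0;
}
```

The two rejection paths correspond to the two failure classes described above: the `MAX_DATAGRAM` check refuses a fragment whose offset plus length does not fit the buffer, and the `total_len` check refuses a fragment that conflicts with the total length the last fragment announced. Because the descriptors never live in the buffer, no fragment payload can overwrite them.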
Both issues can be exploited only from the local network; from there, they could allow attackers to root the devices or to cause a DoS via a malformed packet. Fixes will be made available soon, and users should update to the latest version as soon as possible. More information is available in the official advisory.