CVE-2022-34835
30.06.2022, 00:15
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| denx | u-boot | 𝑥 < 2022.07 |
| denx | u-boot | 2022.07:rc1 |
| denx | u-boot | 2022.07:rc2 |
| denx | u-boot | 2022.07:rc3 |
| denx | u-boot | 2022.07:rc4 |
| denx | u-boot | 2022.07:rc5 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX MX5000RE | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1400 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1500 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1501 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1510 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1511 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1512 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1524 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX1536 | 𝑥 < V2.17.1 | ADP |
| Siemens | RUGGEDCOM ROX RX5000 | 𝑥 < V2.17.1 | ADP |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| u-boot-rpi3 |
| ||||||||||||||||||||||||||||||||||||||||||
| u-boot-rpiarm64 |
| ||||||||||||||||||||||||||||||||||||||||||
| u-boot-rpiarm64-doc |
| ||||||||||||||||||||||||||||||||||||||||||
| u-boot-tools |
|
Common Weakness Enumeration
References