CVE-2022-30767

Published: May 16, 2022Modified: Nov 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

Affected (4)

Products: Denx: U Boot · Fedoraproject: Fedora

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Denx U Boot	Up to 2022.04
Denx U Boot	Version 2022.07 rc1
Denx U Boot	Version 2022.07 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 36

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (11)

https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.denx.de/pipermail/u-boot/2022-May/483952.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/

Source: cve@mitre.org

https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/

Source: cve@mitre.org

ExploitThird Party Advisory

https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80

Source: cve@mitre.org

PatchVendor Advisory

https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96