Awesome, thanks for the update!
On Tue, Feb 25, 2025, 9:59 AM Tom Rini wrote:
> On Sat, Feb 22, 2025 at 12:47:45PM -0800, Jonathan Bar Or wrote:
>
> > Hello Tom and team,
> >
> > Looks like all of the issues were fixed and merged - am I correct?
> > I intend to
Hello Tom and team,
Looks like all of the issues were fixed and merged - am I correct?
I intend to make a public disclosure March 19th, is that okay?
Best,
Jonathan
On Fri, Feb 14, 2025 at 7:24 PM Jonathan Bar Or wrote:
>
> Please disregard the previous message, those are the actu
That's great! Thank you for your work!
Any expected fixes on the other issues I raised, Tom?
I'm asking specifically because GRUB2 maintainers are working on
solving very similar issues in their repository for SquashFS (being
rolled out right now).
It'd be best to solve ASAP as people might realize
resolution buffer overflow.
Best regards,
Jonathan
On Fri, Feb 14, 2025 at 7:17 PM Jonathan Bar Or wrote:
>
> Hi folks.
>
> Here are the CVEs assigned by MITRE:
> - CVE-2025-26721: buffer overflow in the persistent storage for file creation
> - CVE-2025-26722: buffer ov
symlink resolution
- CVE-2025-26724: buffer overflow in JFFS2 dirent parsing
Best regards,
Jonathan
On Wed, Feb 12, 2025 at 12:24 AM Miquel Raynal
wrote:
>
> Hello Tom,
>
> On 11/02/2025 at 15:29:09 -06, Tom Rini wrote:
>
> > On Tue, Feb 11, 2025 at 08:26:37AM -
Got it, looks good.
Jonathan
On Wed, Feb 12, 2025, 7:33 AM Gao Xiang wrote:
>
>
> On 2025/2/12 22:17, Jonathan Bar Or wrote:
> > This is good, but may I suggest using __builtin_add_overflow instead?
>
> They are just the same.
>
> erofs-utils follows the kernel style
This is good, but may I suggest using __builtin_add_overflow instead?
Jonathan
On Wed, Feb 12, 2025, 1:31 AM Gao Xiang wrote:
> See the original report [1], otherwise len + 1 will be overflowed.
>
> Note that EROFS archive can record arbitrary symlink sizes in principle,
> so we don't assume a s
Thank you, I've reached out to MITRE for CVE numbers, I will
communicate them once assigned (hopefully within a few days).
Best regards,
Jonathan
On Tue, Feb 11, 2025 at 1:29 PM Tom Rini wrote:
>
> On Tue, Feb 11, 2025 at 08:26:37AM -0800, Jonathan Bar Or wrote:
> >
what it's worth, Barebox has
similar issues and are currently fixing.
Best regards,
Jonathan
On Mon, Feb 10, 2025 at 7:51 PM Gao Xiang wrote:
>
> Hi Tom,
>
> On 2025/2/11 00:41, Tom Rini wrote:
> > On Fri, Feb 07, 2025 at 09:53:01AM -0800, Jonathan Bar Or wrote:
n and multiplication can
cause integer overflows, but not all are exploitable - I believe the ones I
report here are.
Let me know your thoughts.
Best regards,
Jonathan
On Fri, Feb 7, 2025 at 7:50 AM Tom Rini wrote:
> On Thu, Feb 06, 2025 at 07:47:54PM -0800, Jonathan Bar Or wrote:
>
>
Dear U-boot maintainers,
What is the best way of reporting security vulnerabilities (memory
corruption issues) to Das-U-Boot? Is there a PGP key I should be using?
I have 4 issues that I think are worth fixing (with very easy fixes).
Best regards,
Jonathan