On 11/3/22 05:07, Venkatesh Yadav Abbarapu wrote:
DFU implementation does not bound the length field in USB
DFU download setup packets, and it does not verify
the transfer direction. Fixing the length and transfer
direction.
CVE-2022-2347
+CC Tom
Reading through https://seclists.org/oss-sec/2022/q3/41 the disclosure
timeline at the end, I am really sad that this only reached me (as the
USB maintainer) now in this form.
Maybe there should be some dedicated advertised ML for these things?
Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbar...@amd.com>
Reviewed-by: Marek Vasut <ma...@denx.de>
Tom, please pick this directly soon.