Hi Jianqiang,

On Wed, 5 Jun 2024 at 07:40, jianqiang wang <wjq....@gmail.com> wrote:
>
> Dear Das U-Boot developers,
>
> I found that the u-boot device tree implementation lacks a check for the
> off_dt_struct field in the device tree.
>
> In file scripts\dtc\libfdt\libfdt_internal.h, fdt_offset_ptr_ returns the
> dt struct address. It calculates the address by adding the header address,
> fdt offset, and a specified offset. However, the fdt offset is read from
> the device tree and lacks a proper check. The returned pointer can even
> point to any address, leading to arbitrary read or write.
>
> Could you please confirm it is a vulnerability?
Doesn't fdt_check_header() help here?

Where are you calling the code from?

Regards,
Simon
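As an added illustration of the checks being discussed (this is not libfdt's or U-Boot's code and not either poster's), the C below validates the header fields against the buffer actually in memory and replaces the unchecked `header + off_dt_struct + offset` computation with one that returns NULL for out-of-range offsets. Function names, the 64-byte blob and its field values are constructed for the example; only the header layout and magic follow the flattened device tree format.

```c
#include <stdint.h>
#include <stddef.h>

#define FDT_MAGIC    0xd00dfeedu
#define FDT_HDR_SIZE 40u  /* size of the flattened device tree header */

/* Header fields are big-endian 32-bit words. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) { p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v; }

/* Validate the header against the buffer really present (buflen), not only its own totalsize. */
int fdt_header_sane(const uint8_t *blob, size_t buflen)
{
    if (buflen < FDT_HDR_SIZE || be32(blob) != FDT_MAGIC)
        return 0;
    uint32_t totalsize = be32(blob + 4), off_struct = be32(blob + 8);
    if (totalsize < FDT_HDR_SIZE || totalsize > buflen)
        return 0;
    /* Struct block: after the header, inside the blob, 4-byte aligned; off_struct <= totalsize keeps the subtraction below from wrapping. */
    if (off_struct < FDT_HDR_SIZE || off_struct > totalsize || off_struct % 4 != 0)
        return 0;
    return be32(blob + 36) <= totalsize - off_struct;   /* size_dt_struct */
}

/* Bounds-checked form of "header + off_dt_struct + offset": NULL instead of a pointer outside the struct block. */
const uint8_t *fdt_struct_ptr(const uint8_t *blob, size_t buflen,
                              uint32_t offset, uint32_t len)
{
    if (!fdt_header_sane(blob, buflen))
        return NULL;
    uint32_t size_struct = be32(blob + 36);
    if (offset > size_struct || len > size_struct - offset)
        return NULL;
    return blob + be32(blob + 8) + offset;
}

/* Constructed 64-byte blob with the given header fields; 1 if a 4-byte read at `offset` into the struct block is accepted. */
int probe_blob(uint32_t off_struct, uint32_t size_struct, uint32_t offset)
{
    uint8_t b[64] = {0};
    put_be32(b, FDT_MAGIC);
    put_be32(b + 4, 64);           /* totalsize matches the buffer */
    put_be32(b + 8, off_struct);
    put_be32(b + 36, size_struct);
    return fdt_struct_ptr(b, sizeof b, offset, 4) != NULL;
}
```

The last call in `probe_blob` is where a caller would otherwise have trusted `off_dt_struct` straight from the blob.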