Source: u-boot
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for u-boot.

CVE-2022-34835[0]:
| In Das U-Boot through 2022.07-rc5, an integer signedness error and
| resultant stack-based buffer overflow in the "i2c md" command enables
| the corruption of the return address pointer of the do_i2c_md
| function.

https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-34835
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34835

Please adjust the affected versions in the BTS as needed.
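
The bug class named in the CVE description (an integer signedness error that defeats a length clamp before data is read into a stack buffer), shown as an added example that is not part of the original report and is not U-Boot's code. `LINE_LEN`, `fake_read`, `request_signed` and `request_unsigned` are hypothetical names, and the stand-in read caps its write so the demo itself stays memory-safe.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_LEN 16u /* assumed size of the on-stack line buffer */

/* Hypothetical stand-in for a bus read whose count parameter is unsigned.
 * It caps the write at `cap` so the demo is memory-safe, and returns the
 * count the caller asked for. */
static size_t fake_read(unsigned char *dst, size_t cap, unsigned int count)
{
    memset(dst, 0xA5, count < cap ? count : cap);
    return count;
}

/* Flawed pattern: the length lives in a signed int, so the clamp is a
 * signed comparison and a negative value slips through unchanged. */
size_t request_signed(const char *arg)
{
    unsigned char line[LINE_LEN];
    /* "ffffffff" becomes -1 on typical two's-complement targets */
    int length = (int)strtoul(arg, NULL, 16);
    int linebytes = (length > (int)LINE_LEN) ? (int)LINE_LEN : length;
    return fake_read(line, sizeof line, (unsigned int)linebytes);
}

/* Hardened pattern: unsigned from parse to use, so the clamp always holds. */
size_t request_unsigned(const char *arg)
{
    unsigned char line[LINE_LEN];
    unsigned int length = (unsigned int)strtoul(arg, NULL, 16);
    unsigned int linebytes = (length > LINE_LEN) ? LINE_LEN : length;
    return fake_read(line, sizeof line, linebytes);
}

int main(void)
{
    const char *args[] = { "8", "40", "ffffffff" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++)
        printf("%-8s signed=%zu unsigned=%zu\n", args[i],
               request_signed(args[i]), request_unsigned(args[i]));
    return 0;
}
```

When reviewing a backport of the fix, check that every variable on the path from the parsed length to the read count is unsigned, since a single signed intermediate reintroduces the flawed comparison.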