Fixed
Created: Nov 25, 2018
Updated: Sep 13, 2022
Resolved Date: Jan 30, 2019
Found In Version: unknown
Fix Version: 10.18.44.4
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: BSP, Userspace
CVE-2018-18439: U-Boot insufficient boundary checks in network image boot
The U-Boot bootloader supports kernel loading from a variety of network
sources, such as TFTP via the `tftpboot` command.
This command does not protect system memory from being overwritten when the
loaded file is long enough to exceed the boundaries of the relocated U-Boot
memory region: memory is filled with the file contents starting from the passed
`loadAddr` variable.
Therefore an excessively large boot image, served over TFTP, can be crafted to
overwrite all U-Boot static and runtime memory segments, and in general all
device addressable memory starting from the `loadAddr` load address argument.
The memory overwrite can directly lead to arbitrary code execution, fully
controlled by the contents of the loaded image.
When verified boot is implemented, the issue allows its intended validation to
be bypassed, as the memory overwrite happens before any validation can take
place.
For more details, see https://seclists.org/oss-sec/2018/q4/125
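
The missing boundary check described above can be illustrated with a block-store routine that refuses any write reaching a reserved region. This is an added example, not U-Boot code and not the upstream fix; the memory map constants and the names `store_block_checked`, `range_is_loadable` and `simulate_transfer` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed memory map for illustration; not taken from any real board. */
#define RAM_SIZE      0x4000u
#define RESERVED_BASE 0x3000u  /* stand-in for the relocated U-Boot region */

static uint8_t ram[RAM_SIZE];  /* simulated device memory */

/* Return 1 if [addr, addr+len) ends at or below the reserved region. */
static int range_is_loadable(size_t addr, size_t len)
{
    if (addr >= RESERVED_BASE)
        return 0;
    /* Compare against the remaining room so addr + len cannot wrap. */
    return len <= RESERVED_BASE - addr;
}

/* Store one received block at load_addr + offset; -1 means "abort transfer". */
int store_block_checked(size_t load_addr, size_t offset,
                        const uint8_t *data, size_t len)
{
    if (offset > SIZE_MAX - load_addr)  /* load_addr + offset would wrap */
        return -1;
    if (!range_is_loadable(load_addr + offset, len))
        return -1;
    memcpy(&ram[load_addr + offset], data, len);
    return 0;
}

/* Feed a constructed image in 512-byte blocks; return the bytes accepted. */
size_t simulate_transfer(size_t load_addr, size_t image_len)
{
    uint8_t block[512];
    size_t done = 0;

    memset(block, 0x41, sizeof(block));
    while (done < image_len) {
        size_t left = image_len - done;
        size_t n = left < sizeof(block) ? left : sizeof(block);
        if (store_block_checked(load_addr, done, block, n) != 0)
            break;  /* image would reach the reserved region */
        done += n;
    }
    return done;
}
```

The check runs on every block before the copy, so an oversized image is rejected at the first block that would cross into the reserved region rather than after the transfer completes.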