High severity7.7NVD Advisory· Published Sep 23, 2022· Updated May 12, 2026

CVE-2022-2347

Description

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a wLength greater than 4096 bytes, they can write beyond the heap-allocated request buffer.

Affected products

Denx/U Boot
cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*
Range: >=2012.10,<=2022.07
Uboot/Ubootv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/oss-sec/2022/q3/41nvdExploitMailing ListThird Party Advisory
cert-portal.siemens.com/productcert/html/ssa-577017.htmlnvd
lists.debian.org/debian-lts-announce/2025/05/msg00001.htmlnvd

News mentions

Siemens Ruggedcom Rox
CISA Alerts

cvss	0.501
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000