CVE-2022-33103
Description
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Das U-Boot versions v2020.10 to v2022.07-rc3 have an out-of-bounds write in sqfs_readdir(), leading to potential memory corruption.
Vulnerability
Das U-Boot from v2020.10 to v2022.07-rc3 contains an out-of-bounds write vulnerability in the sqfs_readdir() function of the SquashFS filesystem support [1][2]. The bug occurs when processing a specially crafted SquashFS filesystem image that provides malformed directory entries, causing the code to write beyond the allocated buffer [2]. Affected versions are all releases from v2020.10 up to and including v2022.07-rc3 [1][2].
Exploitation
An attacker with the ability to supply a malicious SquashFS image (e.g., by providing a crafted root filesystem that U-Boot will read during boot, or by convincing a user to load such an image) can trigger the out-of-bounds write. No authentication is required beyond the ability to have U-Boot process the malicious filesystem; the attacker does not need network access if physical or local loading is possible [1][2].
Impact
Successful exploitation results in memory corruption, which may cause a denial of service or potentially lead to arbitrary code execution within the U-Boot environment. The exact privilege level is that of U-Boot itself, which operates before the operating system boots [1][2].
Mitigation
A fix was introduced in U-Boot commit 4136ab00b2b2 ("squashfs: fix out-of-bounds write in sqfs_readdir") and is included in U-Boot v2022.07 and later releases [1][2]. Users should upgrade to v2022.07 or apply the patch to earlier versions. No workaround has been published for systems that cannot immediately update.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- osv-coords: u-boot RPM packages for openSUSE Leap 15.3 and 15.4 (the base u-boot package and its per-board variants), and u-boot and u-boot-rpiarm64 for SUSE Linux Enterprise Module for Basesystem 15 SP3 and SP4
- (no CPE) range: < 2021.01-150300.7.18.1
- (no CPE) range: < 2021.10-150400.4.11.1
Patches
No patches discovered yet.
References
- lore.kernel.org/all/20220609140206.297405-1-miquel.raynal%40bootlin.com/ (mitre, x_refsource_MISC)
- lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw%40mail.gmail.com/ (mitre, x_refsource_MISC)