DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction. Fixing the length and transfer direction. CVE-2022-2347 Signed-off-by: kevin-qian <kevin.qian@hisilicon.com>
[ { "Name": "Das U-Boot", "License": "GPL-2.0", "License File": "LICENSE", "Version Number": "2020.01", "Owner": "yuanwenhong@hisilicon.com", "Upstream URL": "https://github.com/u-boot/u-boot/archive/refs/tags/v2020.01.zip", "Description": "uboot" } ]