It is same bug also resolved by 6039e0edc8540bd2a ("imx: hab:Simplify the
mechanism").
NXP Downstream uses different implementation with upstream.
Best regards,
Ye Li
> -----Original Message-----
> From: Tom Rini <[email protected]>
> Sent: Monday, June 23, 2025 11:14 PM
> To: Rolf Eike Beer <[email protected]>; Stefano Babic <[email protected]>;
> Fabio Estevam <[email protected]>; dl-uboot-imx <[email protected]>;
> Peng Fan <[email protected]>
> Cc: [email protected]
> Subject: [EXT] Re: Was plain U-Boot affected by CVE-2023-39902?
>
> On Thu, Jun 19, 2025 at 09:35:25AM +0200, Rolf Eike Beer wrote:
> > Hi all,
> >
> > for entirely unrelated reasons I came accross CVE-2023-39902:
> >
> > > A software vulnerability has been identified in the U-Boot Secondary
> > > Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family
> > > processors. Under certain conditions, a crafted Flattened Image Tree
> > > (FIT) format structure can be used to overwrite SPL memory, allowing
> > > unauthenticated software to execute on the target, leading to privilege
> escalation.
> >
> > This links to
> > https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-
> Lo
> > ader-Authentication-Vulnerability-CVE/ta-p/1736196, which links 4
> > patches. The relevant one seems to me
> > https://github.com/nxp-imx/uboot-imx/
> > commit/0746cfd931de8f7591d263ff60dd806ffe23c093, and for my limited
> > understanding the actual fix is the first hunk.
> >
> > A similar change has been made in 6039e0edc8540bd2a ("imx: hab:
> > Simplify the mechanism"), so I wonder if this is just an unnoticed
> > instance of the very same bug?
> >
> > Opinions?
>
> Lets add the iMX folks..
>
> --
> Tom
