CVE-2022-30767 (https://lists.denx.de/pipermail/u-boot/2022-May/483952.html): https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.

It seems these references are duplicated from CVE-2019-14192 but with the new email and a new comment on the commit. From that comment: "Xeno Kovah (@XenoKovah) found this bypass and is presented as a case study in the course "Vulnerabilities 1001 - OST2". After dynamically verifying the bypass, I am merely reporting the discovery (tested with some dirty code that I hope would never see the sun's light)."

Somewhat troubling that this kind of thing would be exploited in the wild in public and not be reported upstream properly.
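To illustrate how a length check in front of a memcpy can fail, here is an added example (a simplified model, not U-Boot's code and not taken from the referenced pages). It assumes the failed check is of the signed-comparison kind, which the text above does not spell out; `FH_MAX`, `flawed_copy_size` and `copy_fh_checked` are hypothetical names, and the flawed function only computes the size that would reach memcpy without copying anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FH_MAX 64   /* assumed capacity of the destination file-handle buffer */

/* Flawed pattern: the wire length is held in a signed int and clamped.
 * Returns the size that would be passed to memcpy(); no copy is done here. */
size_t flawed_copy_size(uint32_t wire_len)
{
    int len = (int)wire_len;   /* >= 0x80000000 wraps negative on common ABIs */
    if (len > FH_MAX)          /* signed compare: a negative length passes */
        len = FH_MAX;
    return (size_t)len;        /* negative value converts to a huge size_t */
}

/* Hardened pattern: unsigned length, reject instead of clamp, and also
 * bound by the bytes actually received. Returns bytes copied, or -1. */
int copy_fh_checked(uint8_t dst[FH_MAX], const uint8_t *payload,
                    size_t payload_len, uint32_t wire_len)
{
    if (wire_len > FH_MAX || wire_len > payload_len)
        return -1;
    memcpy(dst, payload, wire_len);
    return (int)wire_len;
}

int main(void)
{
    uint8_t fh[FH_MAX], pkt[32] = {0};   /* constructed sample payload */

    printf("flawed,  wire_len=0xffffffff -> memcpy size %zu\n",
           flawed_copy_size(0xffffffffu));
    printf("checked, wire_len=0xffffffff -> %d\n",
           copy_fh_checked(fh, pkt, sizeof pkt, 0xffffffffu));
    printf("checked, wire_len=32         -> %d\n",
           copy_fh_checked(fh, pkt, sizeof pkt, 32));
    return 0;
}
```
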