How to verify that the CVE-2023-39902 issue has been fixed?

ZongYue
Contributor I

I am using NXP U-Boot version lf-5.15.5-1.0.0 on the i.MX8MP platform and referencing the patch for CVE-2023-39902 (U-Boot Secondary Program Loader Authentication Vulnerability - CVE-2023-39902) from NXP version lf-6.12.3-1.0.0.

This modification appears to address two issues:

  1. Stack overflow caused by excessively long bootargs

  2. U-Boot Secondary Program Loader (SPL) authentication vulnerability

How can we verify that these issues have been successfully fixed in the modified lf-5.15.5-1.0.0 U-Boot?

 

Harvey021
NXP TechSupport

Will send you a system email with backport patches for the version of BSP.

 

Regards

Harvey

ZongYue
Contributor I

Hi @Harvey021 ,

Thank you for providing the patch file for version lf-5.15.5-1.0.0.
