PatchSiren

CVE-2022-30552 Denx CVE debrief

CVE-2022-30552 is a buffer overflow in Denx U-Boot 2022.01. NVD scores it 5.5/Medium and classifies the issue as locally exploitable with low privileges and no user interaction, with a primary impact on availability. For embedded and firmware teams, the main concern is denial of service or boot disruption in devices that ship or embed the affected U-Boot release.

Vendor: Denx
Product: CVE-2022-30552
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-06-08
Original CVE updated: 2026-05-12
Advisory published: 2022-06-08
Advisory updated: 2026-05-12

Who should care

Embedded device vendors, OEM firmware teams, bootloader maintainers, and operators responsible for products that ship Denx U-Boot 2022.01 should review this issue. It matters most where local, console, maintenance, or recovery access is possible.

Technical summary

The NVD entry maps this issue to CWE-120 (buffer overflow) in U-Boot 2022.01. The published vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates a local attacker with low privileges and no user interaction may be able to trigger an availability-impacting failure. The supplied corpus does not provide deeper implementation detail, so defenders should treat affected firmware as needing vendor confirmation and patch verification rather than assuming identical exposure in every product.

Defensive priority

Medium. The CVSS score is 5.5, but the issue can affect bootloader availability in embedded environments, where a crash or failed boot can have outsized operational impact.

Recommended defensive actions

  • Inventory products and firmware images that include U-Boot 2022.01 or a vendor-derived build.
  • Check the linked U-Boot release tags and vendor advisories to identify the fixed release for your platform.
  • Apply vendor-provided firmware updates that include a patched U-Boot build.
  • Restrict local, physical, console, and recovery-path access to affected devices until they are updated.
  • Validate the update across all device variants, boot paths, and recovery images before broad rollout.
  • Monitor for boot failures or maintenance-console instability after remediation to confirm the fix is effective.
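
One way to carry out the inventory step above, as an added example that is not part of the original debrief or of the U-Boot project: a scanner that looks for U-Boot's embedded version banner in firmware files and separates the stock 2022.01 release from vendor-derived builds. The verdict names and sample blobs are hypothetical and constructed for illustration; the scanner assumes the banner is stored uncompressed in the image.

```python
import re
import sys
from pathlib import Path

# U-Boot embeds a version banner, e.g. "U-Boot 2022.01 (Jan 10 2022 - 12:00:00 +0000)".
# Vendor trees usually add a suffix: "U-Boot 2022.01-00012-gabc1234-dirty (...)".
BANNER = re.compile(rb"U-Boot (?:SPL )?(\d{4}\.\d{2}(?:-rc\d+)?)([-+][\w.+-]*)?")
AFFECTED = "2022.01"  # the release named in the NVD record cited on this page

def find_banners(blob: bytes):
    """Return the sorted, de-duplicated (version, suffix) pairs found in a blob."""
    return sorted({(m.group(1).decode(), (m.group(2) or b"").decode())
                   for m in BANNER.finditer(blob)})

def classify(blob: bytes) -> str:
    """Map a firmware blob to an inventory verdict (verdict names are hypothetical)."""
    banners = find_banners(blob)
    if not banners:
        # Compressed or encrypted images hide the banner: unpack, then rescan.
        return "no-banner"
    if (AFFECTED, "") in banners:
        return "affected"
    if any(version == AFFECTED for version, _ in banners):
        # Vendor build on the affected base; only the vendor can say if it is fixed.
        return "vendor-derived"
    return "other-version"

def scan_tree(root: Path):
    """Classify every regular file under root; returns {path: verdict}."""
    return {str(p): classify(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, verdict in scan_tree(Path(sys.argv[1])).items():
            print(f"{verdict:15} {path}")
    else:
        # Constructed sample blobs, not taken from any real firmware image.
        samples = {
            "stock.bin": b"\x00\x01U-Boot 2022.01 (Jan 10 2022 - 12:00:00 +0000)\x00",
            "vendor.bin": b"\xffU-Boot SPL 2022.01-00012-gabc1234-dirty (Mar 01 2022)\x00",
            "newer.bin": b"U-Boot 2022.07 (Jul 11 2022 - 09:00:00 +0000)\x00",
            "packed.bin": b"\x1f\x8b\x08\x00" + bytes(32),
        }
        for name, blob in samples.items():
            print(f"{classify(blob):15} {name} {find_banners(blob)}")
```

A "no-banner" or "other-version" result is not a clearance: the fixed release for a given platform still has to be confirmed against the vendor advisory.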

Evidence notes

The supplied NVD record identifies CVE-2022-30552 as affecting cpe:2.3:a:denx:u-boot:2022.01 and classifies it with CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-120. The record also links to U-Boot release tags, an NCC Group technical advisory, Debian LTS, and Siemens ProductCERT materials. The supplied enrichment does not mark this CVE as KEV or associated with a ransomware campaign.

Official resources

Publicly disclosed with CVE publication on 2022-06-08. The supplied enrichment marks no Known Exploited Vulnerability entry and no ransomware campaign association. NVD modified the record on 2026-05-12.