Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

The flaws in the IP defragmentation method employed by NCC Group in U-Boot could be used to achieve arbitrary out-of-bounds writing and denial-of-service attacks (DoS).

U-Boot is a boot loader for Linux-based embedded devices like ChromeOS and ebook readers like Amazon Kindle and Kobo eReader.

Two unpatched security vulnerabilities in the open-source U-Boot boot loader have been discovered by security experts.

The flaws in the IP defragmentation method employed by NCC Group in U-Boot could be used to achieve arbitrary out-of-bounds writing and denial-of-service attacks (DoS).

U-Boot is a boot loader for Linux-based embedded devices like ChromeOS and ebook readers like Amazon Kindle and Kobo eReader.

The problems are listed below -

  • CVE-2022-30790 CVE-2022-30790 CVE-2022-30790 (CVSS score: 9.6) - In U-Boot IP packet defragmentation, a Hole Descriptor overwrite causes an arbitrary out-of-bounds write primitive.
  • CVE-2022-30552 is a vulnerability that affects computers (CVSS score: 7.1) - In the U-Boot IP packet defragmentation algorithm, a large buffer overflow causes a DoS. 
It's worth mentioning that both weaknesses can only be exploited from within the local network. However, by constructing a faulty packet, an attacker can root the devices and cause a DoS.

U-boot maintainers are expected to remedy the flaws in an upcoming patch, after which users are advised to update to the most recent version.

Comments

Post a Comment

Popular posts from this blog

Liborectin Male Enhancement- Techny Thing

Image
  What is Liborectin Male Enhancement ? Liborectin Male Enhancement - Everyone enjoys social interaction. So instead of falling into the endless cycle of life and disregarding sex, choose this component. The manufacturer of this product selected a variety of natural and regional ingredients that actually separate in the body to produce the desired effect. To make your sexual coexistence profoundly intriguing, the manufacturer of this product has selected Tongkat Ali and other primary enhancements that have been used for an indefinite period of time to diminish your masculinity. ►Visit The Official Website To Get Your Bottle Now◄ ➢Product Name — Liborectin Male Enhancement ➢Main Benefits — Improve Health & Helps In Improve Pain Relief ➢ Composition   — Natural Organic Compound ➢ Side-Effects   — NA ➢ Rating:        — ⭐⭐⭐⭐⭐ ➢ Availability — Online ➢Price (For Sale) Buy Now Here — Click Here How Does the Liborectin Male Enhancement Work? If your body dislikes low testoster
Read more

Surge Max CBD Gummies- Techny

Image
  What exactly are Surge Max CBD Gummies? Surge Max CBD Gummies are a novel and innovative CBD formulation derived from hemp. The vendor states that the product is completely effective and secure. It may aid in alleviating anxiety and stress, as well as chronic pain. This is a typical issue that many confront, and a large number of people are using CBD to treat it. As a result, numerous companies are producing CBD products, but there are many fakes and low-quality supplements. There are just a handful of authentic CBD products: ►Visit The Official Website To Get Your Bottle Now◄ ➢Product Name  — Surge Max CBD Gummies ➢Main Benefits — Improve Health & Helps In Improve Pain Relief ➢ Composition — Natural Organic Compound ➢ Side-Effects  — NA ➢ Rating:       — ⭐⭐⭐⭐⭐ ➢ Availability — Online ➢Price (For Sale) Buy Now Here — Click Here How can Surge Max CBD Gummies Work? Surge Max CBD Gummies are a simple route of administration. These gummies are highly effective in treati
Read more

How to always access your locked iOS device

Image
  How to always access your locked iOS device If you've recently changed your iOS device's access password and keep trying it, only to realize after the device locks that you've recently changed the password. If you have MobiUnlock, it's not a big deal. This excellent app allows you to get back in when your iOS device is disabled or locked by Activation Lock, among other things. The multipurpose iOS unlocking tool can assist you in resolving a wide range of issues with your iPhone, iPad, or iPod touch. You can, for example:   To regain access to your smartphone, remove the 4/6-digit password as well as Touch ID and Face ID.  Without a password, you can factory reset an iPhone or iPad. Without a lost password, you can delete an Apple ID from an iPhone. Using only the iPhone passcode, bypass the iOS Activation Lock. To break the limitations, turn off screen time without the passcode. To create an unencrypted iTunes backup or find preserved passwords on an iOS device, dele
Read more