Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

The flaws in the IP defragmentation method employed by NCC Group in U-Boot could be used to achieve arbitrary out-of-bounds writing and denial-of-service attacks (DoS).

U-Boot is a boot loader for Linux-based embedded devices like ChromeOS and ebook readers like Amazon Kindle and Kobo eReader.

Two unpatched security vulnerabilities in the open-source U-Boot boot loader have been discovered by security experts.

The flaws in the IP defragmentation method employed by NCC Group in U-Boot could be used to achieve arbitrary out-of-bounds writing and denial-of-service attacks (DoS).

U-Boot is a boot loader for Linux-based embedded devices like ChromeOS and ebook readers like Amazon Kindle and Kobo eReader.

The problems are listed below -

  • CVE-2022-30790 CVE-2022-30790 CVE-2022-30790 (CVSS score: 9.6) - In U-Boot IP packet defragmentation, a Hole Descriptor overwrite causes an arbitrary out-of-bounds write primitive.
  • CVE-2022-30552 is a vulnerability that affects computers (CVSS score: 7.1) - In the U-Boot IP packet defragmentation algorithm, a large buffer overflow causes a DoS. 
It's worth mentioning that both weaknesses can only be exploited from within the local network. However, by constructing a faulty packet, an attacker can root the devices and cause a DoS.

U-boot maintainers are expected to remedy the flaws in an upcoming patch, after which users are advised to update to the most recent version.

Comments

Popular posts from this blog

Liborectin Male Enhancement- Techny Thing

Forex Trading Guide: In 3 Easy Steps with These Easy-to-Follow Strategies

How to always access your locked iOS device