Monday, June 6, 2022
HomeCyber SecurityUnpatched Important Flaws Disclosed in U-Boot Bootloader for Embedded Gadgets

Unpatched Important Flaws Disclosed in U-Boot Bootloader for Embedded Gadgets


Cybersecurity researchers have disclosed two unpatched safety vulnerabilities within the open-source U-Boot boot loader.

The problems, which have been uncovered within the IP defragmentation algorithm applied in U-Boot by NCC Group, could possibly be abused to attain arbitrary out-of-bounds write and denial-of-service (DoS).

U-Boot is a boot loader utilized in Linux-based embedded programs equivalent to ChromeOS in addition to e book readers equivalent to Amazon Kindle and Kobo eReader.

CyberSecurity

The problems are summarized under –

  • CVE-2022-30790 (CVSS rating: 9.6) – Gap Descriptor overwrite in U-Boot IP packet defragmentation results in an arbitrary out-of-bounds write primitive.
  • CVE-2022-30552 (CVSS rating: 7.1) – Giant buffer overflow results in DoS in U-Boot IP packet defragmentation code

It is value noting that each the issues are exploitable solely from the native community. However doing so can allow an attacker to root the units and result in a DoS by crafting a malformed packet.

The shortcomings are anticipated to be addressed by U-boot maintainers in an upcoming patch, following which customers are beneficial to replace to the newest model.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments