Six vulnerabilities have been discovered in the widely used U-Boot bootloader that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware, according to a recent report by Bleeping Computer.The vulnerabilities, found in U-Boot's FIT signature verification code, range from denial of service to arbitrary code execution. Two flaws could allow attackers to execute malicious code before the operating system loads, enabling them to disable security features or install persistent malware. The remaining four can be exploited to crash vulnerable devices. These flaws potentially affect over 50 stable releases of the U-Boot project and numerous downstream vendor forks. Exploitation does not always require physical access; attackers with compromised management interfaces could upload malicious firmware.Binarly has reported the vulnerabilities and submitted patches, which have been accepted into U-Boot's upstream codebase. However, vendors must incorporate these fixes into their firmware updates, meaning older or unsupported devices may never be patched.Source: Bleeping Computer
Vulnerability Management
Six U-Boot vulnerabilities could allow stealthy firmware attacks

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



