New U-Boot flaws could enable stealthy firmware attacks

New U-Boot flaws could enable stealthy firmware attacks
Six vulnerabilities in U-Boot could let attackers run code during device boot, bypassing security controls and potentially installing persistent firmware malware. Binarly reported the flaws in U-Boot’s FIT signature verification code, and patches have been accepted upstream, though many vendor firmware updates are still needed. #UBoot #Binarly #FIT

Keypoints

  • Six vulnerabilities were found in U-Boot bootloader code used across many embedded systems.
  • Two flaws could enable arbitrary code execution during firmware signature verification.
  • The other four issues can crash vulnerable devices during boot.
  • Attackers may exploit the bugs before the operating system and security tools start.
  • Fixes are in upstream U-Boot, but many vendor devices may remain unpatched.

Read More: https://www.bleepingcomputer.com/news/security/new-u-boot-flaws-could-enable-stealthy-firmware-attacks/