Six vulnerabilities in U-Boot could let attackers run code during device boot, bypassing security controls and potentially installing persistent firmware malware. Binarly reported the flaws in U-Boot’s FIT signature verification code, and patches have been accepted upstream, though many vendor firmware updates are still needed. #UBoot #Binarly #FIT
Keypoints
- Six vulnerabilities were found in U-Boot bootloader code used across many embedded systems.
- Two flaws could enable arbitrary code execution during firmware signature verification.
- The other four issues can crash vulnerable devices during boot.
- Attackers may exploit the bugs before the operating system and security tools start.
- Fixes are in upstream U-Boot, but many vendor devices may remain unpatched.