Binarly researchers discovered six new flaws in U-Boot that can crash devices or, in two cases, let attackers run code before signature verification during the boot process. The bugs affect firmware used in routers, smart cameras, and data-center server management chips, and vendors are urged to pull the upstream fixes now since no CVEs have been assigned yet. #Binarly #U-Boot #BRLY-2026-037 #BRLY-2026-038 #BRLY-2026-039 #BRLY-2026-040 #BRLY-2026-041 #BRLY-2026-042
Keypoints
- Binarly found six new flaws in U-Boot’s FIT image verification path.
- Two bugs can lead to code execution before the bootloader checks signatures.
- The other four bugs can crash the bootloader through memory or stack errors.
- The vulnerable code has existed since v2013.07 and affects many vendor firmwares.
- Vendors should apply upstream fixes now and wait for product firmware updates.
Read More: https://thehackernews.com/2026/07/six-new-u-boot-flaws-could-let.html