Critical flaws in the U-Boot Bootloader for Embedded Devices have gone unpatched

Das U-Boot is an open-source, primary boot loader used in embedded devices to packaging the instructions to boot the device’s operating system kernel. It is available for a number of computer architectures, including 68k, ARM, Blackfin, MicroBlaze, MIPS, Nios, SuperH, PPC, RISC-V, and x86.

Two unpatched security vulnerabilities in the open-source U-Boot boot loader have been discovered by security experts. The flaws in the IP defragmentation method employed by NCC Group in U-Boot could be used to achieve arbitrary out-of-bounds writing and denial-of-service attacks (DoS).

Let’s have a look at the issues:

CVE-2022-30790 CVE-2022-30790 CVE-2022-30790 (CVSS score: 9.6) – In U-Boot IP packet defragmentation, a Hole Descriptor overwrite causes an arbitrary out-of-bounds write primitive.

CVE-2022-30552 is a vulnerability that affects computers (CVSS score: 7.1) – In the U-Boot IP packet defragmentation algorithm, a large buffer overflow causes a DoS.

It’s worth mentioning that both weaknesses can only be exploited from within the local network. However, by constructing a faulty packet, an attacker can root the devices and cause a DoS.

U-boot maintainers are expected to remedy the flaws in an upcoming patch, after which users are advised to update to the most recent version.