Cybersecurity scientists have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader.
The issues, which had been uncovered in the IP defragmentation algorithm executed in U-Boot by NCC Team, could be abused to reach arbitrary out-of-bounds create and denial-of-service (DoS).
U-Boot is a boot loader utilized in Linux-centered embedded systems this kind of as ChromeOS as very well as e-book viewers these as Amazon Kindle and Kobo eReader.

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The issues are summarized under –
- CVE-2022-30790 (CVSS score: 9.6) – Hole Descriptor overwrite in U-Boot IP packet defragmentation potential customers to an arbitrary out-of-bounds publish primitive.
- CVE-2022-30552 (CVSS score: 7.1) – Large buffer overflow prospects to DoS in U-Boot IP packet defragmentation code
It really is truly worth noting that both the flaws are exploitable only from the local network. But doing so can enable an attacker to root the equipment and guide to a DoS by crafting a malformed packet.
The shortcomings are anticipated to be dealt with by U-boot maintainers in an approaching patch, adhering to which buyers are encouraged to update to the latest model.
Discovered this write-up interesting? Adhere to THN on Facebook, Twitter and LinkedIn to browse far more unique material we put up.
Some pieces of this write-up are sourced from:
thehackernews.com