The Cyber Security News

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

June 6, 2022

Security researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader.

The issues, discovered by NCC Group in the IP defragmentation algorithm implemented in U-Boot, could be abused to achieve arbitrary out-of-bounds writes and denial-of-service (DoS).

U-Boot is a boot loader used in Linux-based embedded systems such as ChromeOS, as well as e-book readers such as the Amazon Kindle and Kobo eReader.


The issues are summarized below:

  • CVE-2022-30790 (CVSS score: 9.6) – Hole descriptor overwrite in U-Boot IP packet defragmentation leads to an arbitrary out-of-bounds write primitive.
  • CVE-2022-30552 (CVSS score: 7.1) – Large buffer overflow leads to DoS in U-Boot IP packet defragmentation code.

It is worth noting that both flaws are exploitable only from the local network. Even so, an attacker on that network can root the device or cause a DoS by sending a crafted, malformed packet.

The flaws are expected to be addressed by the U-Boot maintainers in an upcoming patch, after which users are advised to update to the latest version.



Some pieces of this write-up are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.