• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
unpatched critical flaws disclosed in u boot bootloader for embedded devices

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

You are here: Home / General Cyber Security News / Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices
June 6, 2022

Cybersecurity scientists have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader.

The issues, which had been uncovered in the IP defragmentation algorithm executed in U-Boot by NCC Team, could be abused to reach arbitrary out-of-bounds create and denial-of-service (DoS).

U-Boot is a boot loader utilized in Linux-centered embedded systems this kind of as ChromeOS as very well as e-book viewers these as Amazon Kindle and Kobo eReader.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


CyberSecurity

The issues are summarized under –

  • CVE-2022-30790 (CVSS score: 9.6) – Hole Descriptor overwrite in U-Boot IP packet defragmentation potential customers to an arbitrary out-of-bounds publish primitive.
  • CVE-2022-30552 (CVSS score: 7.1) – Large buffer overflow prospects to DoS in U-Boot IP packet defragmentation code

It really is truly worth noting that both the flaws are exploitable only from the local network. But doing so can enable an attacker to root the equipment and guide to a DoS by crafting a malformed packet.

The shortcomings are anticipated to be dealt with by U-boot maintainers in an approaching patch, adhering to which buyers are encouraged to update to the latest model.

Discovered this write-up interesting? Adhere to THN on Facebook, Twitter  and LinkedIn to browse far more unique material we put up.


Some pieces of this write-up are sourced from:
thehackernews.com

Previous Post: «microsoft seizes 41 domains used in spear phishing attacks by bohrium Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers
Next Post: 10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users 10 most prolific banking trojans targeting hundreds of financial apps»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.