• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

You are here: Home / General Cyber Security News / Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices
June 6, 2022

U-Boot Bootloader for Embedded Devices

Cybersecurity scientists have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader.

The issues, which had been uncovered in the IP defragmentation algorithm executed in U-Boot by NCC Team, could be abused to reach arbitrary out-of-bounds create and denial-of-service (DoS).

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


U-Boot is a boot loader utilized in Linux-centered embedded systems this kind of as ChromeOS as very well as e-book viewers these as Amazon Kindle and Kobo eReader.

CyberSecurity

The issues are summarized under –

  • CVE-2022-30790 (CVSS score: 9.6) – Hole Descriptor overwrite in U-Boot IP packet defragmentation potential customers to an arbitrary out-of-bounds publish primitive.
  • CVE-2022-30552 (CVSS score: 7.1) – Large buffer overflow prospects to DoS in U-Boot IP packet defragmentation code

It really is truly worth noting that both the flaws are exploitable only from the local network. But doing so can enable an attacker to root the equipment and guide to a DoS by crafting a malformed packet.

The shortcomings are anticipated to be dealt with by U-boot maintainers in an approaching patch, adhering to which buyers are encouraged to update to the latest model.

Discovered this write-up interesting? Adhere to THN on Facebook, Twitter  and LinkedIn to browse far more unique material we put up.


Some pieces of this write-up are sourced from:
thehackernews.com

Previous Post: «microsoft seizes 41 domains used in spear phishing attacks by bohrium Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices
  • Microsoft Seizes 41 Domains Used in Spear-Phishing Attacks by Bohrium Hackers
  • Be Proactive! Shift Security Validation Left
  • CISA Warned About Critical Vulnerabilities in Illumina’s DNA Sequencing Devices
  • Cyber security companies ‘must remember who the enemies are’
  • Gloucester Council IT Systems Still Not Fully Operational Six Months After Cyber-Attack
  • Exploitation of Atlassian Confluence zero-day surges fifteen-fold in 24 hours
  • India’s new cyber rules risk driving away tech companies
  • State-sponsored hackers delay new Microsoft Exchange Server by four years
  • Russian Ministry Website Reportedly Hacked

Copyright © TheCyberSecurity.News, All Rights Reserved.