Critical vulnerabilities found in U-Boot

NCC Group researchers have found two critical vulnerabilities in the U-Boot bootloader, which is used in embedded Linux-based systems, including ChromeOS and Android devices, as well as in e-readers such as the Amazon Kindle and Kobo eReader. U-Boot supports a range of architectures, including 68k, ARM, x86, MIPS, Nios, PPC, and more.

The researchers report that the problems lie in the IP defragmentation (fragment reassembly) code implemented in U-Boot. The bugs can be used to perform an out-of-bounds write and to provoke a denial of service (DoS).

The first vulnerability, CVE-2022-30790 (CVSS score of 9.6), is a hole-descriptor overwrite during IP defragmentation: the reassembly metadata (the hole descriptors) and the fragment data can be made to refer to the same memory, so fragment data can overwrite the metadata, which gives an attacker an out-of-bounds write.

“This bug can only be exploited on a local network, as it requires the creation of a malicious packet that will most likely be dropped during routing. However, the problem can be effectively used for local rooting of Linux-based embedded devices,” NCC Group writes.

The second vulnerability, CVE-2022-30552 (CVSS score of 7.1), is a buffer overflow that leads to a denial of service.
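Both bugs come down to invariants a fragment reassembler must enforce: its bookkeeping (the hole descriptors) must never share memory with fragment data, and a fragment's offset plus length must be checked against the buffer before anything is copied. The following is an added example written for this article, not U-Boot's code and not NCC Group's material: a small RFC 815-style reassembler that keeps hole descriptors in a separate array and rejects fragments that are out of bounds, overlap bytes already received, or disagree about the datagram length. The buffer size, the hole limit and the sample fragments are constructed for the demonstration.

```c
/* Added example (not U-Boot code): an IP fragment reassembler in the RFC 815
 * "hole descriptor" style. Hole metadata lives in its own array, never inside
 * the data buffer, and every fragment is bounds-checked in 32-bit arithmetic
 * before a single byte is copied. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define REASM_MAX 4096   /* constructed limit on the reassembled datagram */
#define MAX_HOLES 32     /* constructed limit on outstanding holes */

struct hole { uint16_t first, last; };   /* inclusive byte range not yet received */

struct reasm {
    uint8_t     data[REASM_MAX];
    struct hole holes[MAX_HOLES];        /* metadata kept apart from the data */
    int         nholes;
    int         total_len;               /* -1 until a fragment with MF=0 fixes it */
};

void reasm_init(struct reasm *r)
{
    memset(r, 0, sizeof *r);
    r->holes[0].first = 0;
    r->holes[0].last  = REASM_MAX - 1;
    r->nholes    = 1;
    r->total_len = -1;
}

/* Once the total length is known, drop holes past the end and clip the straddling one. */
static void trim_holes(struct reasm *r)
{
    int n = 0;
    for (int i = 0; i < r->nholes; i++) {
        struct hole h = r->holes[i];
        if (h.first >= r->total_len) continue;
        if (h.last >= r->total_len) h.last = (uint16_t)(r->total_len - 1);
        r->holes[n++] = h;
    }
    r->nholes = n;
}

/* Returns 1 when the datagram is complete, 0 when fragments are still missing,
 * -1 when the fragment is rejected (out of bounds, overlapping, or inconsistent). */
int reasm_add(struct reasm *r, uint16_t off, const uint8_t *frag, uint16_t len, int more_frags)
{
    uint32_t end = (uint32_t)off + len;               /* 32-bit: off + len cannot wrap */
    if (len == 0 || end > REASM_MAX) return -1;
    if (r->total_len >= 0 && (int)end > r->total_len) return -1;
    if (!more_frags && r->total_len >= 0 && r->total_len != (int)end) return -1;

    /* The fragment must sit entirely inside one hole: anything touching bytes
     * already received is refused rather than overwritten. */
    int idx = -1;
    for (int i = 0; i < r->nholes; i++)
        if (off >= r->holes[i].first && end - 1 <= r->holes[i].last) { idx = i; break; }
    if (idx < 0) return -1;
    if (r->nholes + 1 > MAX_HOLES) return -1;         /* one hole may split into two */

    struct hole h = r->holes[idx];
    r->holes[idx] = r->holes[r->nholes - 1];          /* swap-remove the consumed hole */
    r->nholes--;
    if (off > h.first) {                              /* bytes still missing before the fragment */
        r->holes[r->nholes].first = h.first;
        r->holes[r->nholes].last  = (uint16_t)(off - 1);
        r->nholes++;
    }
    if (end - 1 < h.last) {                           /* bytes still missing after the fragment */
        r->holes[r->nholes].first = (uint16_t)end;
        r->holes[r->nholes].last  = h.last;
        r->nholes++;
    }

    memcpy(r->data + off, frag, len);                 /* safe: end <= REASM_MAX was checked */

    if (!more_frags) { r->total_len = (int)end; trim_holes(r); }
    return (r->total_len >= 0 && r->nholes == 0) ? 1 : 0;
}

struct reasm g_r;                                     /* scratch instance for the demo */
static const uint8_t g_a[8] = { 'A','A','A','A','A','A','A','A' };  /* constructed fragments */
static const uint8_t g_b[8] = { 'B','B','B','B','B','B','B','B' };

/* Feeds constructed fragments through the reassembler; returns how many checks held (7). */
int reasm_selfcheck(void)
{
    int ok = 0;
    reasm_init(&g_r);
    ok += reasm_add(&g_r, 8, g_b, 8, 0) == 0;        /* last fragment first: length now fixed */
    ok += reasm_add(&g_r, 20, g_b, 8, 0) == -1;      /* a second "last" fragment disagrees */
    ok += reasm_add(&g_r, 0, g_a, 8, 1) == 1;        /* fills the only hole: complete */
    ok += memcmp(g_r.data, "AAAAAAAABBBBBBBB", 16) == 0;
    reasm_init(&g_r);
    ok += reasm_add(&g_r, 0, g_a, 8, 1) == 0;
    ok += reasm_add(&g_r, 4, g_b, 8, 1) == -1;       /* overlaps bytes already received */
    ok += reasm_add(&g_r, 65535, g_a, 8, 1) == -1;   /* 65535 + 8 would wrap in 16-bit math */
    return ok;
}

int main(void)
{
    printf("%d of 7 reassembly checks passed\n", reasm_selfcheck());
    return 0;
}
```

The two design choices that matter are the separate `holes` array, which means no fragment offset can ever land on bookkeeping state, and the 32-bit `end` computed before any copy, which is the check that turns an oversized or wrapping fragment into a rejected packet instead of a buffer overflow.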

The U-Boot developers are expected to address the bugs in an upcoming patch, but no fixes are available yet; it is emphasized that both vulnerabilities can only be exploited locally.

Priyanka Sharma
I am Priyanka, a talented and experienced writer with a passion for technology, business, and digital marketing. As a writer, I ensure that each piece of content I produce is of the highest quality. I work closely with the ONH Team to deliver high-quality content.