Unpatched Critical Bugs Revealed in U-Boot Bootloader for Embedded Devices


Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot bootloader.

The problems, discovered by NCC Group in the IP defragmentation algorithm implemented in U-Boot, can be abused to achieve arbitrary out-of-bounds writes and denial-of-service (DoS).

U-Boot is a bootloader used in Linux-based embedded systems such as ChromeOS, as well as in e-book readers such as the Amazon Kindle and Kobo eReader.

The issues are summarized below –

CVE-2022-30790 (CVSS score: 9.6) – Hole descriptor overwrite in the U-Boot IP packet defragmenter leads to an arbitrary out-of-bounds write primitive.

CVE-2022-30552 (CVSS score: 7.1) – Large buffer overflow leads to DoS in the U-Boot IP packet defragmenter code.

It is worth noting that both bugs can only be exploited from the local network. Even so, this allows an attacker to root the devices or cause a DoS by crafting a malformed packet.
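The two issues are described above as a hole descriptor overwrite and a large buffer overflow in the IP packet defragmenter; exactly where U-Boot's own checks fall short is not detailed on this page. The program below is an added example, not U-Boot's code and not NCC Group's, of an RFC 815 style hole-descriptor reassembler that validates a fragment's offset and length against the reassembly buffer (and against the total length announced by the last fragment) before it touches either the hole list or the buffer. The buffer size, hole limit, function names and the sample fragments are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for this example (not U-Boot's): reassembly buffer size
 * and the maximum number of hole descriptors tracked per datagram. */
#define MAX_DATAGRAM 1500
#define MAX_HOLES    16

/* A hole in the reassembly buffer (RFC 815): inclusive byte offsets of a
 * range that no fragment has filled yet. */
struct hole { uint16_t first, last; };

struct reasm {
    uint8_t buf[MAX_DATAGRAM];
    struct hole holes[MAX_HOLES];
    int nholes;
    int total_len; /* -1 until a fragment with MF=0 fixes the datagram length */
};

void reasm_init(struct reasm *r)
{
    memset(r, 0, sizeof(*r));
    r->holes[0].first = 0;
    r->holes[0].last = MAX_DATAGRAM - 1; /* one hole covering the whole buffer */
    r->nholes = 1;
    r->total_len = -1;
}

/* Add one fragment. Returns 1 when the datagram is complete, 0 when more
 * fragments are needed, -1 when the fragment is rejected (state unchanged). */
int reasm_add(struct reasm *r, uint16_t off, const uint8_t *data,
              uint16_t len, bool more_frags)
{
    /* Validate the byte range BEFORE touching the hole list or the buffer.
     * 32-bit arithmetic keeps off+len from wrapping around in 16 bits. */
    uint32_t end = (uint32_t)off + len; /* one past the fragment's last byte */
    if (len == 0 || end > MAX_DATAGRAM)
        return -1;
    if (r->total_len >= 0 && end > (uint32_t)r->total_len)
        return -1; /* extends past the length the last fragment announced */
    if (!more_frags) {
        if (r->total_len >= 0 && (int)end != r->total_len)
            return -1; /* a second, conflicting "last" fragment */
        r->total_len = (int)end;
    }
    uint16_t last = (uint16_t)(end - 1);

    /* Rebuild the hole list: holes overlapped by [off, last] are trimmed or
     * split; holes the fragment does not touch are kept unchanged. */
    struct hole fresh[MAX_HOLES];
    int n = 0;
    for (int i = 0; i < r->nholes; i++) {
        struct hole h = r->holes[i];
        if (h.last < off || h.first > last) { /* disjoint: keep as-is */
            if (n >= MAX_HOLES) return -1;
            fresh[n++] = h;
            continue;
        }
        if (h.first < off) { /* hole continues before the fragment */
            if (n >= MAX_HOLES) return -1;
            fresh[n].first = h.first;
            fresh[n++].last = (uint16_t)(off - 1);
        }
        if (h.last > last) { /* hole continues after the fragment */
            if (n >= MAX_HOLES) return -1;
            fresh[n].first = (uint16_t)(last + 1);
            fresh[n++].last = h.last;
        }
    }
    memcpy(r->holes, fresh, (size_t)n * sizeof(fresh[0]));
    r->nholes = n;
    memcpy(r->buf + off, data, len); /* only now known to stay inside buf */

    if (r->total_len < 0)
        return 0;
    for (int i = 0; i < r->nholes; i++)
        if (r->holes[i].first < r->total_len) /* unfilled bytes remain */
            return 0;
    return 1;
}

/* Constructed scenario: a 16-byte datagram whose two fragments arrive out of
 * order. Returns 1 when reassembly completes with the expected contents. */
int scenario_out_of_order(void)
{
    struct reasm r;
    uint8_t head[8], tail[8];
    memset(head, 'A', 8);
    memset(tail, 'B', 8);
    reasm_init(&r);
    if (reasm_add(&r, 8, tail, 8, false) != 0) return 0; /* last fragment first */
    if (reasm_add(&r, 0, head, 8, true) != 1) return 0;
    return r.total_len == 16 && memcmp(r.buf, "AAAAAAAABBBBBBBB", 16) == 0;
}

/* Constructed scenario: offset + length runs past the buffer. Expected: -1. */
int scenario_past_buffer(void)
{
    struct reasm r;
    uint8_t frag[8] = {0};
    reasm_init(&r);
    return reasm_add(&r, MAX_DATAGRAM - 4, frag, 8, true);
}

/* Constructed scenario: 65532 + 8 wraps to 4 in 16-bit arithmetic, so a
 * 16-bit check would let it through. Expected: -1. */
int scenario_wraparound(void)
{
    struct reasm r;
    uint8_t frag[8] = {0};
    reasm_init(&r);
    return reasm_add(&r, 65532, frag, 8, true);
}

int main(void)
{
    printf("out-of-order: %d, past buffer: %d, wraparound: %d\n",
           scenario_out_of_order(), scenario_past_buffer(), scenario_wraparound());
    return 0;
}
```

The ordering is the point: every rejection happens before the hole list or the buffer is modified, so a malformed fragment cannot leave a hole descriptor pointing outside the buffer or trigger a copy past its end, which are the two failure classes the advisory names.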

The flaws are expected to be addressed by the U-Boot maintainers in an upcoming patch, after which users are recommended to update to the latest version.