HIGH🇬🇧 English

CVE-2026-34963

CVSS 8.6v4.0pub. 2026-05-11upd. 2026-05-13

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger heap buffer overflow or out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Pengutronix Barebox

    APP
    Pengutronix
    < 2026.04.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2020-13910CRITICAL9.1ten sam produkt

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a fiel...

CVE-2019-15938CRITICAL9.8ten sam produkt

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a l...

CVE-2019-15937CRITICAL9.8ten sam produkt

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because ...

CVE-2026-34960HIGH7.1ten sam produkt

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within ...

CVE-2026-33243HIGH8.2ten sam produkt

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 (and the corresponding ...