MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2020-25860

CVSS 6.6v3.1pub. 2020-12-21upd. 2024-11-21

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Pengutronix Rauc

    APP
    Pengutronix
    < 1.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Race Condition
CWE
References

Related vulnerabilities

CVE-2026-34155HIGH7.2ten sam produkt

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'p...

CVE-2020-13910CRITICAL9.1ten sam vendor

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a fiel...

CVE-2019-15937CRITICAL9.8ten sam vendor

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because ...

CVE-2019-15938CRITICAL9.8ten sam vendor

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a l...

CVE-2026-34960HIGH7.1ten sam vendor

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within ...