Skip to content
Tech News
← Back to articles

New U-Boot flaws could enable stealthy firmware attacks

read original more articles

Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware.

U-Boot is one of the world's most widely used open-source bootloaders and is found in many embedded Linux devices, including enterprise servers' Baseboard Management Controllers (BMCs), networking equipment, industrial systems, IoT devices, and other appliances.

Because U-Boot is responsible for loading the operating system, vulnerabilities in the bootloader can allow attackers to compromise a device before the operating system and its security software have a chance to start.

One of its security features, known as Verified Boot, uses cryptographic signatures to ensure that only firmware and operating system images signed by a trusted key are loaded during startup.

In a report published this week, firmware security company Binarly disclosed six vulnerabilities in U-Boot's FIT (Flattened Image Tree) signature verification code.

"Recognising the critical nature of this component, the Binarly Research team decided to examine the core functionality of the U-Boot project more closely," explains Binarly.

"This research revealed six distinct vulnerabilities, ranging in impact from denial of service (DoS) to arbitrary code execution during the verification of an untrusted image."

According to the researchers, two of the flaws can potentially lead to arbitrary code execution during firmware verification, while the remaining four can be exploited to crash vulnerable devices.

As these flaw impact the code for validating firmware images before the operating system starts, if an attacker can exploit that process, they may be able to execute malicious code before the operating system loads.

The six disclosed vulnerabilities are:

... continue reading