Connect with us

Hi, what are you looking for?


Endpoint Security

Critical U-Boot Vulnerability Allows Rooting of Embedded Systems

A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group.

A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group.

An open-source boot loader, U-Boot is used in various types of embedded systems, including ChromeOS and Android. It supports multiple architectures, including 68k, ARM, x86, MIPS, Nios, PPC, and more.

NCC Group explains that the IP defragmentation algorithm implemented in U-Boot is plagued by two vulnerabilities that can be exploited from the local network by crafting malformed packets.

Tracked as CVE-2022-30790 (CVSS score of 9.6), the first of the vulnerabilities exposes the defragmentation algorithm to a hole descriptor overwrite attack, NCC’s researchers say.

Because of this security bug, the metadata and fragment can be forged to point to the same location, which leads to the metadata being overwritten with fragmented data.

An attacker can trigger an arbitrary write by sending a second fragment, “whose offset and length only need to fit within the hole pointed to by the previously controlled metadata.”

“This bug is only exploitable from the local network as it requires crafting a malformed packet which would most likely be dropped during routing. However, this can be effectively leveraged to root Linux-based embedded devices locally,” NCC Group says.

Advertisement. Scroll to continue reading.

Tracked as CVE-2022-30552 (CVSS score of 7.1), the second vulnerability is described as a buffer overflow that could lead to a denial of service (DoS).

The issue can be exploited by crafting a malformed packet that has a specific value lower than the minimum accepted total length, which would result in the called function attempting to make a copy of a greater size than the buffer can withhold.

NCC Group informed the U-Boot maintainers of the vulnerabilities on May 18. Fixes are in the works, but details on the bugs were published ahead of patch availability, given that U-Boot’s vulnerability disclosure process is handled publicly, via their mailing list.

“Update to the latest master branch version once the fix has been committed,” NCC Group notes.

Related: Intel Patches High-Severity Vulnerabilities in BIOS, Boot Guard

Related: Firmware Flaws Allow Disabling Secure Boot on Lenovo Laptops

Related: Researchers Devise New Type of Bluetooth LE Relay Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.