U-Boot FIT signature-check and image-parsing flaws memory corruption flaw
Vulnerability
Summary
Hide ▲
Show ▼
U-Boot has six newly disclosed flaws in its FIT signature-checking and image-parsing path, putting routers, smart cameras, and data-center server management chips at risk of boot-time crash or code execution. Two of the flaws can let a malicious image run attacker code before signature verification, while four can crash the bootloader. Binarly published proof-of-concept images and reproduction steps, and no real-world exploitation has been reported. Upstream fixes were merged in June, but downstream firmware updates are still needed.
Related Happenings
Apple A12/S4/S5/A13 BootROM usbliter8 authentication bypass flaw
Vulnerability
H score27
First: 22.06.2026 17:00
Last: 22.06.2026 17:00
Sources 1
About this happening:
Researchers disclosed **usbliter8**, an **unpatchable BootROM flaw** affecting **Apple A12, S4/S5, and A13** SoCs, creating boot-chain compromise risk for devices with **physical...
Apple A12/S4/S5/A13 BootROM usbliter8 authentication bypass flaw
VulnerabilityAbout this happening: Researchers disclosed **usbliter8**, an **unpatchable BootROM flaw** affecting **Apple A12, S4/S5, and A13** SoCs, creating boot-chain compromise risk for devices with **physical...
CERT/CC UEFI DBX mitigation for vendor-signed applications
Advisory/Mitigation
H score28
First: 19.06.2026 21:33
Last: 19.06.2026 21:33
Sources 1
About this happening:
**CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...
CERT/CC UEFI DBX mitigation for vendor-signed applications
Advisory/MitigationAbout this happening: **CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...
Timeline
-
10.07.2026 18:57 2 articles · 4h ago
Binarly discloses six U-Boot flaws that can crash devices or run code at boot
Initial DisclosureBinarly disclosed six new flaws in U-Boot's FIT (Flattened Image Tree) signature-checking and image-parsing path, affecting devices such as home routers, smart cameras, and data-center server management chips. Two flaws, BRLY-2026-037 and BRLY-2026-038, can enable code execution at boot through memory corruption, while BRLY-2026-039 through BRLY-2026-042 can crash the bootloader; Binarly also published proof-of-concept images and reproduction steps and said no real-world exploitation has been reported.
Show sources
- Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot — thehackernews.com — 10.07.2026 18:57
- Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot — thehackernews.com — 10.07.2026 18:57