Find notable cyber news and cases, enriched with sources, timelines, and signals.

U-Boot FIT signature-check and image-parsing flaws memory corruption flaw

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

U-Boot has six newly disclosed flaws in its FIT signature-checking and image-parsing path, putting routers, smart cameras, and data-center server management chips at risk of boot-time crash or code execution. Two of the flaws can let a malicious image run attacker code before signature verification, while four can crash the bootloader. Binarly published proof-of-concept images and reproduction steps, and no real-world exploitation has been reported. Upstream fixes were merged in June, but downstream firmware updates are still needed.

Related Happenings

Apple A12/S4/S5/A13 BootROM usbliter8 authentication bypass flaw

Vulnerability
H score27 First: 22.06.2026 17:00 Last: 22.06.2026 17:00 Sources 1

About this happening: Researchers disclosed **usbliter8**, an **unpatchable BootROM flaw** affecting **Apple A12, S4/S5, and A13** SoCs, creating boot-chain compromise risk for devices with **physical...

CERT/CC UEFI DBX mitigation for vendor-signed applications

Advisory/Mitigation
H score28 First: 19.06.2026 21:33 Last: 19.06.2026 21:33 Sources 1

About this happening: **CERT/CC** issued mitigation guidance to apply **UEFI Forbidden Signature Database (DBX)** updates, reducing **Secure Boot bypass** risk for affected vendor-signed **UEFI applica...

Timeline

  1. 10.07.2026 18:57 2 articles · 4h ago

    Binarly discloses six U-Boot flaws that can crash devices or run code at boot

    Initial Disclosure

    Binarly disclosed six new flaws in U-Boot's FIT (Flattened Image Tree) signature-checking and image-parsing path, affecting devices such as home routers, smart cameras, and data-center server management chips. Two flaws, BRLY-2026-037 and BRLY-2026-038, can enable code execution at boot through memory corruption, while BRLY-2026-039 through BRLY-2026-042 can crash the bootloader; Binarly also published proof-of-concept images and reproduction steps and said no real-world exploitation has been reported.

    Show sources