Summary: Barebox has released version 2025.01.0 to address critical vulnerabilities that could compromise secure boot and allow code execution on embedded systems. The vulnerabilities, identified by researchers from sigma star gmbh, affect the handling of SquashFS filesystems and memory allocation. Users are advised to upgrade immediately to mitigate the risks these issues pose.
Affected: Barebox bootloader
Keypoints:
- Multiple vulnerabilities exist in Barebox’s SquashFS implementation due to missing patches from Linux.
- Two integer overflow vulnerabilities could lead to memory corruption, allowing attackers to gain control over program execution.
- The vulnerabilities pose severe risks to systems utilizing Barebox for secure boot, particularly impacting embedded devices like industrial controllers and IoT devices.