CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVE-2026-34962 barebox ext4 Directory Parsing Infinite Loop Denial of Service

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...

CVE-2026-34962

CVE-2026-34962 affects barebox prior to 2026.04.0, where a vulnerability in ext4 directory parsing (fs/ext4/ext4_common.c) allows an infinite loop during directory listing or path resolution. The root cause is that ext4fs_iterate_dir() does not validate non-zero directory entry lengths, so a craf...

CVE-2026-34962 barebox ext4 Directory Parsing Infinite Loop Denial of Service

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...

CVE-2026-34962

barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4common.c where the ext4fsiteratedir function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a...

CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2026-34961

Barebox before 2026.04.0 has a heap out-of-bounds read in ext4 extent parsing due to missing validation of eh_entries against buffer capacity in fs/ext4/ext4_common.c. An attacker could supply a malicious ext4 image over USB, SD card, or network boot to trigger reads beyond the allocated buffer d...

Linux Distros Unpatched Vulnerability : CVE-2026-33243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a...

PT-2026-39850

Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description An out-of-bounds read exists in the ext4 extent parsing process due to missing validation of the eh entries field against buffer capacity within the fs/ext4/ext4 common.c file. An attacker can...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017478 advisory. A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, usi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017485 advisory. A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017475 advisory. BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Tenable has extracted the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017479 advisory. A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017477 advisory. A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB devi...

CVE-2026-43410

A flaw was found in the Linux kernel's stratix10-rsu firmware driver. When the Remote System Update RSU is not enabled in the First Stage Boot Loader FSBL, the driver attempts to access an already-freed channel. This can lead to a NULL pointer dereference, causing a kernel panic and resulting in ...

CVE-2025-71300

A flaw was found in the Linux kernel, specifically within the OP-TEE Open Portable Trusted Execution Environment integration with U-Boot. The U-Boot's OP-TEE logic automatically injects a reserved-memory node into the kernel device tree. However, a manually defined OP-TEE node in zynqmp.dtsi...

EUVD-2026-28716

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...

UBUNTU-CVE-2026-43410

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update RSU isn't enabled in the First Stage Boot Loader FSBL, the driver encounters a NULL pointer dereference when excute...