Astra Linux - уязвимость в u-boot

The U-Boot until 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...

SUSE CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

Linux Distros Unpatched Vulnerability : CVE-2026-46728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash. CVE-2026-46728 Note that Nessus...

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

Linux Distros Unpatched Vulnerability : CVE-2026-33243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: uboot-tools (UTSA-2026-007172)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007172 advisory. barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT...

OESA-2026-1834 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the...

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

DEBIAN-CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVE-2026-33243

Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

EUVD-2026-13893

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage1 sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing...

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVE-2026-33243

Removed by vendor...

PT-2026-26702

Name of the Vulnerable Software and Affected Versions barebox versions 2016.03.0 through 2025.09.2 barebox versions 2025.10.0 through 2026.03.0 Description barebox is a bootloader. When creating a FIT Firmware Image Table, the mkimage1 function sets the hashed-nodes property of the FIT signature...

Barebox 数据伪造问题漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox before 2025.09.3 and 2026.03.1 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that the hashed-nodes attribute set by mkimage during the creation of FIT was n...