Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/20 10:51 p.m.3 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/20 10:51 p.m.6 views

EUVD-2026-13893

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage1 sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/20 10:51 p.m.23 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS0.00108EPSS
Exploits0References2
CVE
CVE
added 2026/03/20 10:51 p.m.21 views

CVE-2026-33243

Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software2
AlpineLinux
AlpineLinux
added 2026/03/20 10:51 p.m.5 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Barebox 数据伪造问题漏洞

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox before 2025.09.3 and 2026.03.1 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that the hashed-nodes attribute set by mkimage during the creation of FIT was n...

8.2CVSS5.7AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26702

Name of the Vulnerable Software and Affected Versions barebox versions 2016.03.0 through 2025.09.2 barebox versions 2025.10.0 through 2026.03.0 Description barebox is a bootloader. When creating a FIT Firmware Image Table, the mkimage1 function sets the hashed-nodes property of the FIT signature...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References12
Rows per page
Query Builder