CVE-2026-29009
CVE-2026-29009 affects U-Boot 2026.04-rc3 with CONFIG_CMD_NFS enabled. The flaw is a buffer overflow in nfs_readlink_reply() (net/nfs-common.c) where the 2048-byte nfs_path_buff can be overflowed by multiple relative symlink targets returned via NFS READLINK. Attackers can send two or more READLI...