Overview
- Firmware security firm Binarly disclosed six vulnerabilities in U‑Boot’s FIT signature verification that can trigger four denial‑of‑service crashes and two arbitrary code‑execution flaws during boot.
- The two most serious bugs, tracked as BRLY‑2026‑037 and BRLY‑2026‑038, stem from an unchecked return from libfdt’s fdt_get_name and can produce stack overflows or overwrite saved return addresses so attacker code runs before the operating system loads.
- Binarly published proof‑of‑concept images and reproduction steps and U‑Boot maintainers accepted and merged patches upstream in June, but the current frozen stable release shipped without those fixes and the next official release is not due until October.
- Exploitation requires a malicious FIT image to reach the boot path, which usually needs physical access or a prior privileged foothold, though remote attacks are possible on devices with exposed management update channels such as BMCs.
- Widespread exposure is likely because the vulnerable code dates to U‑Boot v2013.07 and exists across many stable releases and vendor forks, so affected users must watch for vendor firmware updates and recognize that older or unsupported devices may never be patched.