**Stealthy Firmware Attacks Possible Due to U-Boot Vulnerabilities**
Researchers at Binarly have discovered six critical vulnerabilities in the widely used open-source U-Boot bootloader. These flaws, which affect the FIT (Flattened Image Tree) signature verification code, could enable stealthy firmware attacks on devices that use U-Boot, potentially compromising security protections and installing persistent malware.
U-Boot is a crucial component of many embedded Linux devices, including enterprise servers’ Baseboard Management Controllers (BMCs), networking equipment, industrial systems, IoT devices, and other appliances. Its primary function is to load the operating system, making it an attractive target for attackers. The vulnerabilities in U-Boot’s FIT signature verification code could allow attackers to execute malicious code during device boot, before the operating system and its security software have a chance to start.
The six vulnerabilities discovered by Binarly are:
* **BRLY-2026-037**: A flaw that can cause U-Boot to crash when processing a malicious firmware image and, under certain conditions, can be used for arbitrary code execution.
* **BRLY-2026-038**: A memory corruption vulnerability that could allow attackers to execute arbitrary code during firmware signature verification.
* **BRLY-2026-039**: An out-of-bounds read vulnerability that can crash devices by forcing U-Boot to read beyond the firmware image.
* **BRLY-2026-040**: A null pointer dereference that allows specially crafted firmware images to crash the bootloader.
* **BRLY-2026-041**: Improper validation of externally stored firmware data that can cause U-Boot to crash when processing malicious firmware images.
* **BRLY-2026-042**: An unbounded recursion flaw that can exhaust available stack memory and crash the bootloader.
According to Binarly, most of the vulnerable code has existed since U-Boot version 2013.07, causing the flaws to potentially affect more than 50 releases of the project as well as vendors who utilized the vulnerable code in their own firmware.
If successfully exploited, these vulnerabilities could allow attackers to execute code during the earliest stages of the boot process, before the operating system loads. This would give them high levels of access and enable malicious actions such as disabling firmware security features, modifying the boot process, or installing persistent malware.
Binarly notes that exploiting these vulnerabilities does not always require physical access. On systems such as BMCs that support remote firmware updates, an attacker who has already compromised the management interface could upload a specially crafted firmware image to exploit the flaws.
The researchers have reported the vulnerabilities to the U-Boot maintainers and submitted patches for all six issues, which have since been accepted into the project’s upstream codebase. However, because U-Boot is integrated into firmware by individual hardware manufacturers, the fixes must first be incorporated into vendors’ firmware updates before they can be distributed to customers.
Older or unsupported devices that no longer receive firmware updates may never be patched.
Source: Original article