By Ravie Lakshmanan
Cybersecurity researchers have disclosedΒ two unpatched security vulnerabilitiesΒ in the open-source U-Boot boot loader.
The issues, which were uncovered in theΒ IP defragmentationΒ algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service (DoS).
U-Boot is aΒ boot loaderΒ used in Linux-based embedded systems such as ChromeOS as well as