A new security analysis by Binarly Research has uncovered six critical vulnerabilities in the widely used U-Boot bootloader, exposing embedded systems and server management platforms to denial-of-service (DoS) attacks and potential arbitrary code execution.
U-Boot is a foundational component in the boot chain of countless devices, including routers, IoT systems, and Baseboard Management Controllers (BMCs) used in enterprise servers.
As one of the first pieces of code executed during system startup, any weakness in U-Boot can compromise the entire chain of trust.
Focusing on U-Boot’s Verified Boot mechanism specifically FIT (Flattened Image Tree) signature verification, Binarly researchers identified flaws in how untrusted boot images are processed before validation is complete.
These issues affect code paths that have been present since version v2013.07, potentially impacting over 50 stable releases and numerous vendor forks.
U-Boot FIT Signature Verification Vulnerabilities
The vulnerabilities (BRLY-2026-037 through BRLY-2026-042) fall into two categories: two enable potential code execution, while four lead to DoS conditions.
BRLY-2026-037: A null pointer dereference in fdt_find_regions can crash the system. In certain environments where memory at address 0x0 is mapped, this flaw can be escalated into a stack-based buffer overflow, enabling code execution.
BRLY-2026-038: A related issue allows a stack buffer underflow due to improper handling of negative length values. Attackers can manipulate memory pointers to overwrite return addresses and execute arbitrary code during boot.
BRLY-2026-039: An unchecked size field in the hashed-strings property allows attackers to trigger excessive memory reads during hashing, leading to a crash.
BRLY-2026-040: Another null pointer dereference occurs when processing properties in legacy FIT formats, causing immediate failure during image parsing.
BRLY-2026-041: Improper validation of external data references (data-offset, data-position, data-size) enables attackers to point outside valid memory or request oversized reads, resulting in system crashes.
BRLY-2026-042: An unbounded recursive function used during FIT validation can exhaust stack memory when processing deeply nested image structures, leading to DoS.
All six vulnerabilities are triggered during processing of a malicious FIT image before signature verification completes. This is significant because attackers can craft images that bypass trust checks entirely.
While such attacks are often assumed to require physical access, Binarly highlights real-world scenarios where remote attackers can exploit firmware update mechanisms.
For example, insecure BMC interfaces may allow adversaries to upload and flash malicious images, effectively gaining control at the earliest stage of execution.
The impact ranges from rendering devices unbootable to executing stealthy firmware implants that persist below the operating system level and evade traditional security tools.
Binarly coordinated disclosure with U-Boot maintainers and provided patches for all six issues. These fixes have been merged into the mainline U-Boot repository.
Key mitigations include: Adding null pointer checks and validating return values. Enforcing bounds on size and offset fields. Limiting recursion depth during FIT parsing. Ensuring all memory regions fall within valid image boundaries.
Organizations using U-Boot, especially in embedded and server management environments, are strongly advised to update to patched versions or backport the fixes immediately.
Given U-Boot’s extensive adoption and the longevity of the vulnerable code, these flaws present a broad supply chain risk. Many devices may remain exposed due to outdated firmware or unmaintained vendor forks.
The findings reinforce the importance of continuous firmware security analysis and stricter validation of boot components.
As attackers increasingly target early boot stages, securing bootloaders such as U-Boot is becoming critical for maintaining platform integrity.
Stop Accepting SLAs Written for 2019 SOCs – Here’s the 2026 AI SLA Vendor Checklist – Download Free AI SOC SLA Guide
The post Six U-Boot FIT Signature Verification Flaws Enable Code Execution and DoS Attacks appeared first on Cyber Security News.



