Vendor
high
advisory
CVE-2026-29009 - U-Boot Buffer Overflow in nfs_readlink_reply()
1 CVEA buffer overflow vulnerability exists in the nfs_readlink_reply() function of U-Boot versions up to 2026.04-rc3 when CONFIG_CMD_NFS is enabled, allowing a malicious or compromised NFS server to exploit it by sending multiple relative symlink targets, each approximately 1100 bytes long, to overflow the 2048-byte nfs_path_buff, corrupting adjacent BSS variables and potentially leading to memory corruption and control over the NFS client's state machine.
U-Boot <= 2026.04-rc3
buffer-overflow
vulnerability
firmware
nfs
u-boot
1c
high
advisory
CVE-2026-29008: U-Boot Integer Underflow Leads to Bootloader Crash
1 TTP 1 CVEAn integer underflow vulnerability (CVE-2026-29008) in U-Boot's `tcp_rx_state_machine()` function allows a network-adjacent attacker to crash the bootloader by sending a crafted TCP SYN+ACK packet, potentially preventing device boot and leading to memory corruption.
U-Boot
denial-of-service
vulnerability
bootloader
network
embedded-systems
1t
1c