CVE-2026-34155
Integer Overflow in RAUC Plain Bundles Allows Payload Tampering
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pengutronix | rauc | up to 1.15.2 (exclusive; 1.15.2 itself contains the fix) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-196 | The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive. |
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34155 is a vulnerability in RAUC, a software update framework for embedded Linux systems. It affects RAUC bundles using the 'plain' format when the payload size exceeds 2 GiB. Due to an integer overflow during the signing and verification process, the cryptographic signature only covers the first few bytes of the payload instead of the entire data. This means that an attacker can modify the part of the payload not covered by the signature without invalidating it, compromising the integrity verification.
The issue arises from improper handling of payload sizes larger than 2 GiB: an unsigned-to-signed integer conversion (CWE-196) overflows, and the resulting signature verification is incomplete (CWE-347). This vulnerability was fixed in RAUC version 1.15.2 by rejecting 'plain' format bundles exceeding 2 GiB during both signing and verification.
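The narrowing the description refers to, shown as an added C illustration that is not RAUC's code (the function names, the "sign the first N bytes" model and the exact INT32_MAX cut-off are assumptions of this example): a 64-bit payload length pushed into a signed 32-bit value goes negative at exactly 2 GiB and wraps to a tiny positive count just past 4 GiB, so a length-driven signing step covers far less than the whole payload. The hardened variant mirrors the 1.15.2 fix by rejecting such sizes instead of truncating them.

```c
/* Added illustration of the CWE-196 narrowing behind CVE-2026-34155.
 * This is not RAUC's code: the function names and the "sign the first N
 * bytes" model are assumptions made for this example. */
#include <stdint.h>
#include <stdio.h>

#define GIB (1024ULL * 1024ULL * 1024ULL)

/* Vulnerable pattern: the byte count handed to the signing step is the
 * 64-bit payload size narrowed to a two's-complement int32.  The wrap is
 * computed arithmetically so the result is well-defined in portable C.
 * At 2 GiB the count turns negative; just past 4 GiB it wraps to a small
 * positive number, so only the first few bytes end up signed. */
int64_t vulnerable_signed_bytes(uint64_t payload_size) {
    uint32_t low = (uint32_t)(payload_size & 0xFFFFFFFFULL); /* bits 32+ lost */
    if (low > (uint32_t)INT32_MAX)
        return (int64_t)low - (int64_t)UINT32_MAX - 1;       /* negative wrap */
    return (int64_t)low;
}

/* Hardened pattern, in the spirit of the 1.15.2 fix: refuse any payload that
 * does not fit a signed 32-bit length instead of silently truncating it.
 * Returns the byte count to sign, or -1 when the bundle must be rejected. */
int64_t checked_signed_bytes(uint64_t payload_size) {
    if (payload_size > (uint64_t)INT32_MAX)
        return -1;
    return (int64_t)payload_size;
}

int main(void) {
    /* Constructed sample payload sizes around the 2 GiB and 4 GiB boundaries. */
    const uint64_t sizes[] = { 1 * GIB, 2 * GIB - 1, 2 * GIB, 3 * GIB, 4 * GIB + 100 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("payload %llu bytes: vulnerable signs %lld bytes, hardened returns %lld\n",
               (unsigned long long)sizes[i],
               (long long)vulnerable_signed_bytes(sizes[i]),
               (long long)checked_signed_bytes(sizes[i]));
    return 0;
}
```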
How can this vulnerability impact me?
This vulnerability allows an attacker to modify parts of a signed RAUC update bundle payload that are not covered by the signature if the payload exceeds 2 GiB in size. As a result, the integrity of the update process is compromised because unauthorized changes can be made without detection.
The impact includes a high compromise of data integrity, potentially allowing malicious code or data to be introduced during the update process. Although confidentiality loss is low and availability is not directly affected, the overall system security is at risk due to the possibility of unauthorized payload modifications.
Exploitation requires low privileges and only passive user interaction, and it can be performed remotely over a network, making it a significant security risk for affected systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability compromises the integrity verification of software update bundles by allowing modification of unsigned parts of the payload without detection. Such a flaw can undermine the trustworthiness and security of embedded Linux systems that rely on RAUC for updates.
Since regulations like GDPR and HIPAA require ensuring data integrity and protection against unauthorized modifications, this vulnerability could negatively impact compliance by exposing systems to potential unauthorized code or data changes.
Mitigating this vulnerability by upgrading to RAUC version 1.15.2 or using secure bundle formats ('verity' or 'crypt') helps maintain compliance with these standards by ensuring cryptographic signatures cover the entire payload and prevent tampering.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if RAUC bundles using the 'plain' format exceed a payload size of 2 GiB, as such bundles are vulnerable to an integer overflow causing incomplete signature coverage.
To detect vulnerable bundles on your system, you can inspect the size of the RAUC update bundles and verify their format.
- Use commands like `ls -lh` or `stat` to check the size of RAUC bundle files and confirm whether any exceed 2 GiB.
- Check the bundle format by inspecting the bundle metadata or configuration to see if the 'plain' format is used.
- Verify the RAUC version installed using `rauc --version` to ensure it is 1.15.2 or later, which includes the fix.
If you have access to the RAUC signing or verification logs, look for errors related to payload size exceeding 2 GiB or signature verification failures.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade RAUC to version 1.15.2 or later, which includes a fix that rejects 'plain' format bundles with payloads exceeding 2 GiB during signing and verification.
If upgrading immediately is not possible, ensure that all RAUC bundles using the 'plain' format are smaller than 2 GiB to avoid triggering the integer overflow.
Consider migrating to the recommended 'verity' or 'crypt' bundle formats, which are not affected by this vulnerability and have been supported since RAUC versions 1.5 and 1.7 respectively.
Review and monitor your update process to detect any unsigned or improperly signed payload modifications.