CVE-2026-34155
Received Received - Intake
Integer Overflow in RAUC Plain Bundles Allows Payload Tampering

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: GitHub, Inc.

Description
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34155
EUVD
EUVD-2026-17413
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pengutronix rauc to 1.15.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.
CWE-196 The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34155 is a vulnerability in RAUC, a software update framework for embedded Linux systems. It affects RAUC bundles using the 'plain' format when the payload size exceeds 2 GiB. Due to an integer overflow during the signing and verification process, the cryptographic signature only covers the first few bytes of the payload instead of the entire data. This means that an attacker can modify the part of the payload not covered by the signature without invalidating it, compromising the integrity verification.

The issue arises from improper handling of payload sizes larger than 2 GiB, specifically an unsigned to signed integer conversion error causing overflow, and improper verification of the cryptographic signature. This vulnerability was fixed in RAUC version 1.15.2 by rejecting 'plain' format bundles exceeding 2 GiB during both signing and verification.

Impact Analysis

This vulnerability allows an attacker to modify parts of a signed RAUC update bundle payload that are not covered by the signature if the payload exceeds 2 GiB in size. As a result, the integrity of the update process is compromised because unauthorized changes can be made without detection.

The impact includes a high compromise of data integrity, potentially allowing malicious code or data to be introduced during the update process. Although confidentiality loss is low and availability is not directly affected, the overall system security is at risk due to the possibility of unauthorized payload modifications.

Exploitation requires low privileges and only passive user interaction, and it can be performed remotely over a network, making it a significant security risk for affected systems.

Detection Guidance

This vulnerability can be detected by checking if RAUC bundles using the 'plain' format exceed a payload size of 2 GiB, as such bundles are vulnerable to an integer overflow causing incomplete signature coverage.

To detect vulnerable bundles on your system, you can inspect the size of the RAUC update bundles and verify their format.

  • Use commands like `ls -lh` or `stat` to check the size of RAUC bundle files and confirm if any exceed 2 GiB.
  • Check the bundle format by inspecting the bundle metadata or configuration to see if the 'plain' format is used.
  • Verify the RAUC version installed using `rauc --version` to ensure it is 1.15.2 or later, which includes the fix.

If you have access to the RAUC signing or verification logs, look for errors related to payload size exceeding 2 GiB or signature verification failures.

Mitigation Strategies

The primary mitigation step is to upgrade RAUC to version 1.15.2 or later, which includes a fix that rejects 'plain' format bundles with payloads exceeding 2 GiB during signing and verification.

If upgrading immediately is not possible, ensure that all RAUC bundles using the 'plain' format are smaller than 2 GiB to avoid triggering the integer overflow.

Consider migrating to the recommended 'verity' or 'crypt' bundle formats, which are not affected by this vulnerability and have been supported since RAUC versions 1.5 and 1.7 respectively.

Review and monitor your update process to detect any unsigned or improperly signed payload modifications.

Compliance Impact

This vulnerability compromises the integrity verification of software update bundles by allowing modification of unsigned parts of the payload without detection. Such a flaw can undermine the trustworthiness and security of embedded Linux systems that rely on RAUC for updates.

Since regulations like GDPR and HIPAA require ensuring data integrity and protection against unauthorized modifications, this vulnerability could negatively impact compliance by exposing systems to potential unauthorized code or data changes.

Mitigating this vulnerability by upgrading to RAUC version 1.15.2 or using secure bundle formats ('verity' or 'crypt') helps maintain compliance with these standards by ensuring cryptographic signatures cover the entire payload and prevent tampering.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34155. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart