CVE-2026-34963
Received - Intake
Memory Safety Flaws in barebox Bootloader

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulnCheck

Description
barebox versions prior to 2026.04.0 contain multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c. An integer overflow in the virtual image size computation, which uses 32-bit arithmetic on section VirtualAddress and size values, allows an undersized heap allocation, and the PE section loading logic fails to validate that PointerToRawData plus the copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger a heap buffer overflow or an out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.
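The two checks the description says are missing, shown next to the wrapping 32-bit computation. This is an added example, not barebox's code: `struct sec_hdr`, both function names, the `MAX_IMAGE` cap, the copy length of min(SizeOfRawData, VirtualSize) and the sample section tables are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified section header: only the fields the description names. */
struct sec_hdr {
    uint32_t virtual_address, virtual_size;
    uint32_t pointer_to_raw_data, size_of_raw_data;
};
#define MAX_IMAGE (16u << 20) /* assumed policy cap on the loaded image: 16 MiB */

/* Flawed pattern: the 32-bit sum wraps, so the size used for allocation is too small. */
static uint32_t image_size_wrapping(const struct sec_hdr *s, size_t n)
{
    uint32_t max = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t end = s[i].virtual_address + s[i].virtual_size; /* wraps past 2^32 */
        max = end > max ? end : max;
    }
    return max;
}

/* Hardened: 64-bit sums, image size cap, raw data bounded by file_len. -1 = reject. */
static int64_t image_size_checked(const struct sec_hdr *s, size_t n, size_t file_len)
{
    uint64_t max = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t vend = (uint64_t)s[i].virtual_address + s[i].virtual_size;
        /* Assumed copy length: min(SizeOfRawData, VirtualSize). */
        uint64_t copy = s[i].size_of_raw_data < s[i].virtual_size
                      ? s[i].size_of_raw_data : s[i].virtual_size;
        if (vend > MAX_IMAGE || (uint64_t)s[i].pointer_to_raw_data + copy > file_len)
            return -1;
        max = vend > max ? vend : max;
    }
    return (int64_t)max;
}

/* Constructed section tables for a 0x1000-byte file. */
static const struct sec_hdr wrap_sec[] = { { 0xFFFFF000u, 0x2000u, 0x400u, 0x200u } };
static const struct sec_hdr oob_sec[]  = { { 0x1000u, 0x1000u, 0xF00u, 0x200u } };
static const struct sec_hdr ok_sec[]   = { { 0x1000u, 0x1000u, 0x400u, 0x200u }, { 0x2000u, 0x800u, 0x600u, 0x800u } };

int main(void)
{
    printf("32-bit size 0x%x; checked %lld %lld %lld\n", (unsigned)image_size_wrapping(wrap_sec, 1),
           (long long)image_size_checked(wrap_sec, 1, 0x1000),
           (long long)image_size_checked(oob_sec, 1, 0x1000), (long long)image_size_checked(ok_sec, 2, 0x1000));
    return 0;
}
```

For the wrapped table the 32-bit routine reports 0x1000 for a section that ends past 4 GiB, which is the undersized allocation the description refers to; the checked routine rejects both that table and the one whose raw data runs past the end of the file.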
Meta Information
Published: 2026-05-11
Last Modified: 2026-05-11
Generated: 2026-05-12
AI Q&A: 2026-05-12
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: barebox
Product: barebox
Version / Range: to 2026.04.0 (exc)
CWE ID: CWE-190
Description: The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in barebox versions prior to 2026.04.0 and involves multiple memory-safety issues in the EFI PE loader component. Specifically, an integer overflow occurs during the calculation of the virtual image size using 32-bit arithmetic on section VirtualAddress and size values. This leads to an undersized heap allocation. Additionally, the PE section loading logic does not properly validate that the sum of PointerToRawData and the copied size stays within the PE file buffer boundaries.

An attacker can exploit this by supplying a malicious EFI PE binary through various means such as TFTP, USB, SD card, or network boot. This can trigger a heap buffer overflow or an out-of-bounds read from heap memory, potentially allowing the attacker to execute arbitrary code within the bootloader context.


How can this vulnerability impact me?

This vulnerability can have serious impacts as it allows an attacker to execute arbitrary code in the bootloader context. Since the bootloader runs at a very early stage of system startup with high privileges, successful exploitation could lead to full system compromise, including bypassing security controls, installing persistent malware, or disrupting system boot processes.

