VYPR

Barebox

by Pengutronix

CVEs (2)

  • CVE-2026-34963 | High | May 11, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    barebox versions prior to 2026.04.0 contain multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c, where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap…

  • CVE-2026-34962 | Medium | May 11, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    barebox versions prior to 2026.04.0 contain a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c, where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4…