Fwd: SySS Responsible Disclosure Policy - U-Boot vulnerabilities

Tom Rini trini at konsulko.com
Thu Jun 11 16:05:08 CEST 2026


On Thu, Jun 11, 2026 at 08:33:49AM +0200, Robin Trost wrote:

> Hi Tom,
> 
> I've just seen that my mail regarding some vulnerabilities I identified
> within u-boot was rejected from your mail provider.
> 
> Therefore I just forwarded you the mail (without the advisories attached).
> The identified vulnerabilities are:
> 
> - SYSS-2026-038: Arbitrary OOB Heap Write (NAND)
> - SYSS-2026-039: Arbitrary OOB Heap Write / Integer Underflow (RSA Public
> Key Parsing)
> - SYSS-2026-040: Arbitrary OOB Heap Write (Ext4)
> - SYSS-2026-041: Arbitrary OOB Heap Read (Ext4)
> 
> If you would like to have further information (or the attached advisory
> files, including reproducer scripts), let me know.

Hi, please see https://docs.u-boot.org/en/latest/develop/security.html
and
https://docs.u-boot-project.org/en/latest/develop/sending_patches.html,
and so please start separate emails to the list, and CC the relevant
maintainers for each, in order to make sure the community is aware of
them and that if you're unable to work on the issues as well someone
else can. Thanks!

-- 
Tom