Fwd: SySS Responsible Disclosure Policy - U-Boot vulnerabilities
Robin Trost
Robin.Trost at syss.de
Fri Jun 12 08:32:54 CEST 2026
Hi Tom,
thank you for the reply. I will forward each advisory to the associated
maintainer.
Kind regards,
Robin
On 6/11/26 16:05, Tom Rini wrote:
> On Thu, Jun 11, 2026 at 08:33:49AM +0200, Robin Trost wrote:
>
>> Hi Tom,
>>
>> I've just seen that my mail regarding some vulnerabilities I identified
>> within u-boot was rejected by your mail provider.
>>
>> Therefore I just forwarded you the mail (without the advisories attached).
>> The identified vulnerabilities are:
>>
>> - SYSS-2026-038: Arbitrary OOB Heap Write (NAND)
>> - SYSS-2026-039: Arbitrary OOB Heap Write / Integer Underflow (RSA Public
>> Key Parsing)
>> - SYSS-2026-040: Arbitrary OOB Heap Write (Ext4)
>> - SYSS-2026-041: Arbitrary OOB Heap Read (Ext4)
>>
>> If you would like to have further information (or the attached advisory
>> files, including reproducer scripts), let me know.
>
> Hi, please see https://docs.u-boot.org/en/latest/develop/security.html
> and
> https://docs.u-boot-project.org/en/latest/develop/sending_patches.html,
> and so please start separate emails to the list, and CC the relevant
> maintainers for each, in order to make sure the community is aware of
> them and that if you're unable to work on the issues as well someone
> else can. Thanks!
>
--
Robin Trost
Senior IT-Security Consultant
______________________________________________________________
SySS GmbH
Schaffhausenstraße 77, 72072 Tübingen, Germany
Tel: +49 (0)7071 - 40 78 56-6169
Mobile: +49 (0)151 - 42209330
E-Mail: Robin.Trost at syss.de
Conf. Calls: https://syss.zoom.us/my/robin.trost
Web: https://syss.de
PGP-Fingerprint: 85FE 80E2 04F3 6177 C61A 4618 61DE F14F 698E 6EB3
Managing Director: Sebastian Schreiber
Commercial register: Amtsgericht Stuttgart / HRB 382420
Tax number: 86118 / 55809