Out-of-Bounds Read Vulnerability in U-Boot by DENX
CVE-2026-29007
6.9MEDIUM
What is CVE-2026-29007?
The U-Boot bootloader up to version 2026.04-rc3 is susceptible to an out-of-bounds read vulnerability within the tcp_rx_state_machine() function. This flaw occurs when CONFIG_PROT_TCP is enabled, enabling remote attackers to exploit it by sending specially crafted TCP packets. The attackers can manipulate the IP total length and the TCP data offset, causing the tcp_parse_options() function to read beyond the intended boundaries. This could lead to the corruption of critical connection state variables, potentially disrupting TCP window calculations and undermining the stability and security of network communications.
Affected Version(s)
u-boot 0 <= 2026.04-rc3
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck
