Buffer Overflow Vulnerability in U-Boot's NFS Feature
CVE-2026-29009

8.8HIGH

Key Information:

Vendor

U-boot

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-29009?

U-Boot versions up to 2026.04-rc3 contain a buffer overflow vulnerability within the nfs_readlink_reply() function. This issue arises when the CONFIG_CMD_NFS option is enabled, which exposes the system to potential exploits by malicious NFS servers. Specifically, attackers can exploit the vulnerability by sending multiple READLINK responses with relative symlink targets that exceed the allocated buffer size of 2048 bytes. This can lead to memory corruption and give the attacker control over critical variables within the NFS client state machine, affecting the overall integrity and functionality of the networking operations.

Affected Version(s)

u-boot 0 <= 2026.04-rc3

References

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck
.