Buffer Overflow Vulnerability in U-Boot's NFS Feature
CVE-2026-29009
8.8HIGH
What is CVE-2026-29009?
U-Boot versions up to 2026.04-rc3 contain a buffer overflow vulnerability within the nfs_readlink_reply() function. This issue arises when the CONFIG_CMD_NFS option is enabled, which exposes the system to potential exploits by malicious NFS servers. Specifically, attackers can exploit the vulnerability by sending multiple READLINK responses with relative symlink targets that exceed the allocated buffer size of 2048 bytes. This can lead to memory corruption and give the attacker control over critical variables within the NFS client state machine, affecting the overall integrity and functionality of the networking operations.
Affected Version(s)
u-boot 0 <= 2026.04-rc3
References
CVSS V4
Score:
8.8
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck
