Amazon Kindle, Embedded Devices Open to Code-Execution

guest · Nov 7, 2019

Amazon Kindle, Embedded Devices Open to Code-Execution
Flaws in Das U-Boot affect third-party hardware that uses the universal bootloader as an underlying component
November 7, 2019
https://threatpost.com/amazon-kindle-embedded-devices-code-execution/150003/

Multiple vulnerabilities have been found in Das U-Boot, a universal bootloader commonly used in embedded devices like Amazon Kindles, ARM Chromebooks and networking hardware. The bugs could allow attackers to gain full control of an impacted device’s CPU and modify anything they choose.

Researchers at ForAllSecure found the flaws in U-Boot’s file system drivers. They include a recursive stack overflow in the DOS partition parser, a pair of buffer-overflows in ext4 and a double-free memory corruption flaw in ext4. They open the door to denial-of-service attacks, device takeover and code-execution.
There are both local and remote paths to exploitation for these flaws.

He added, “I’d say it would take moderate-to-high expertise to develop an initial exploit for a given device.”
Click to expand...

ForAllSecure also found five low-severity divide-by-zero bugs, triggered by invalid extended file systems.

U-Boot patched the bugs as of its v. 2019.10 release – but devices are likely still vulnerable given that the update process is controlled by the vendor of the device rather than U-Boot itself.

“As a bootloader, which is often used in embedded devices with a long/non-existent update cycle, the unpatched code is likely present and will remain present on many devices for some time,” Koo told Threatpost.
If support for DOS partitions or ext4 filesystem images is not present in the U-Boot configuration of a device, then the bugs have impact.
Click to expand...

Log in or Sign up

Amazon Kindle, Embedded Devices Open to Code-Execution

guest Guest

Log in or Sign up

Amazon Kindle, Embedded Devices Open to Code-Execution

guest Guest

Useful Searches