Threat Advisory

Barebox Secure Boot Bypass Flaws Allow Attackers to Bypass Secure Boot

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT, Critical Infrastructure
Criticality: Critical

EXECUTIVE SUMMARY:

Barebox, a widely used bootloader for embedded systems, has addressed multiple critical vulnerabilities. These vulnerabilities, including issues in SquashFS handling and memory allocation, could allow attackers to bypass secure boot and execute malicious code. Exploiting these flaws could break the chain of trust in verified boot systems, enabling attackers to manipulate filesystem data and gain control over affected devices. The combined severity of these vulnerabilities is high, with a CVSS score of 9.1. Users are urged to update immediately to mitigate risks.


  • CVE-2024-57260: This vulnerability stems from missing patches in Barebox’s SquashFS implementation, leaving it exposed to known exploits. Attackers could manipulate SquashFS filesystem data to trigger memory corruption and execute arbitrary code during the boot process.
  • CVE-2024-57261: An integer overflow in Barebox’s memory allocator could lead to memory corruption. This flaw is not limited to SquashFS and may be exploitable through other subsystems, increasing the potential attack surface.
  • CVE-2024-57262: This vulnerability involves an integer overflow in Barebox’s SquashFS symlink resolution function. Successful exploitation could allow attackers to corrupt memory and gain control over the boot process.

These vulnerabilities pose a significant risk to embedded systems relying on Barebox for secure boot. Exploitation could result in complete device compromise, particularly in industrial, IoT, and network appliances.
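
The integer-overflow bug class named in CVE-2024-57261 and CVE-2024-57262, shown as an added illustration of the unsafe size arithmetic beside its checked form. This is not Barebox code and does not reproduce the actual flaws; every function name, the `MAX_LINK_LEN` limit and the sample values are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and limits throughout; this is not Barebox source. */
#define MAX_LINK_LEN 4096u  /* assumed upper bound for a link target */

/* Unsafe pattern: untrusted 32-bit length plus one byte for the NUL.
 * 0xFFFFFFFF + 1 wraps to 0, so the allocation is far too small. */
uint32_t unchecked_alloc_size(uint32_t on_disk_len)
{
    return on_disk_len + 1u;
}

/* Checked form: reject oversized lengths before doing any arithmetic. */
int checked_alloc_size(uint32_t on_disk_len, size_t *out)
{
    if (on_disk_len >= MAX_LINK_LEN)
        return -1;
    *out = (size_t)on_disk_len + 1;
    return 0;
}

/* Allocator side: rounding a request up to a power-of-two alignment can wrap. */
int padded_request(size_t req, size_t align, size_t *out)
{
    if (req > SIZE_MAX - (align - 1))
        return -1;
    *out = (req + align - 1) & ~(align - 1);
    return 0;
}

/* Copy a link target of on_disk_len bytes out of a buffer of src_avail bytes. */
char *read_link_target(const uint8_t *src, size_t src_avail, uint32_t on_disk_len)
{
    size_t need;
    if (checked_alloc_size(on_disk_len, &need) != 0 || on_disk_len > src_avail)
        return NULL;
    char *buf = calloc(1, need);   /* zeroed, so the result is NUL-terminated */
    if (buf)
        memcpy(buf, src, on_disk_len);
    return buf;
}

int main(void) { return unchecked_alloc_size(0xFFFFFFFFu) != 0; }
```

The same two checks (bound the untrusted length first, then verify that padding cannot wrap) apply wherever a bootloader sizes a buffer from on-disk metadata.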

RECOMMENDATION:

  • We recommend updating Barebox to version v2025.01.0 or later.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/multiple-vulnerabilities-in-barebox-bootloader-expose-embedded-systems-to-code-execution-risks/
