* Notification about FIT Signature Bypass Vulnerability
@ 2026-03-17 19:09 Ahmad Fatoum
0 siblings, 0 replies; only message in thread
From: Ahmad Fatoum @ 2026-03-17 19:09 UTC (permalink / raw)
To: BAREBOX
On 2026-03-02, a patch was first posted to the U-Boot mailing list to
fix a FIT security vulnerability that had been disclosed privately by
Apple Security Engineering and Architecture.
This vulnerability has been fixed in barebox v2026.03.1 and U-Boot
v2026.04-rc4 in the meantime.
More details can be found in the linked advisory:
https://github.com/barebox/barebox/security/advisories/GHSA-3fvj-q26p-j6h4
A CVE number has been requested.
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-03-17 19:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-17 19:09 Notification about FIT Signature Bypass Vulnerability Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox