barebox EFI PE Loader Memory Safety Vulnerabilities_CVE-2026-34963

8.4 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger heap buffer overflow or out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.

Basic Information

ID CVE-2026-34963

Source VulnCheck

Published May 11, 2026 at 22:17

Affected Product

Vendor barebox

Product barebox

Affected Versions barebox barebox 0

CWE Classification

CWE-190

References

{
    "lastseen": "",
    "description": "barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger heap buffer overflow or out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.",
    "published": "2026-05-11T22:17:19.159Z",
    "modified": "2026-05-11T22:17:19.159Z",
    "type": "cve",
    "title": "barebox EFI PE Loader Memory Safety Vulnerabilities",
    "source": "VulnCheck",
    "references": "https://github.com/barebox/barebox\nhttps://github.com/barebox/barebox/releases/tag/v2026.04.0\nhttps://www.vulncheck.com/advisories/barebox-efi-pe-loader-memory-safety-vulnerabilities",
    "id": "CVE-2026-34963",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "barebox barebox 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "barebox",
    "version": "0",
    "vendor": "barebox",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}