Back to advisories

New U-Boot flaws could enable stealthy firmware attacks

Six vulnerabilities in U-Boot bootloader FIT signature verification allow attackers to execute arbitrary code during device boot and install persistent firmware-level malware. Affected devices span embedded Linux systems across multiple industries, with some flaws dating back to 2013. This enables pre-OS compromise that bypasses standard security controls.

HIGHAdvisoryJul 11, 2026
Action required
Identify all devices in your environment running U-Boot bootloader. Coordinate with device vendors for patch availability and deployment timelines. Prioritize firmware updates for internet-facing and critical infrastructure devices. Monitor boot logs for signature verification failures and unexpected firmware modifications.
Affected products
U-BootBinarly