The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HPengutronix Rauc
APPPengutronix< 1.5
Related vulnerabilities
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'p...
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a fiel...
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because ...
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a l...
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within ...