MEDIUM
Pengutronix
CVE published 2026-05-11
CVE-2026-34961
CVE-2026-34961 is a medium-severity vulnerability in barebox, a bootloader used in embedded systems. The vulnerability is caused by missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c, leading to out-of-bounds read vulnerabilities in ext4 extent parsing. An attacker can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of [truncated]