PatchSiren

Pengutronix CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Pengutronix CVE published 2026-05-11

CVE-2026-34961

CVE-2026-34961 is a medium-severity vulnerability in barebox, a bootloader used in embedded systems. The vulnerability is caused by missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c, leading to out-of-bounds read vulnerabilities in ext4 extent parsing. An attacker can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of [truncated]