
Ahmad Fatoum

Researcher from Pengutronix

#17605 of 53,633 · Total CVSS: 15.3 · Vulnerabilities: 2 (High: 2)
PT-2026-26702 · CVSS 8.2 · 2026-03-20 · Barebox · Barebox · CVE-2026-33243

**Name of the Vulnerable Software and Affected Versions**

- barebox versions 2016.03.0 through 2025.09.2
- barebox versions 2025.10.0 through 2026.03.0

**Description**

barebox is a bootloader. When creating a FIT (Firmware Image Table), the `mkimage(1)` tool sets the `hashed-nodes` property of the FIT signature node. This property lists the nodes of the FIT that were hashed during the signing process, so that the bootloader can later verify them. However, the `hashed-nodes` property itself is not included in the hash, so an attacker can modify it. Such a modification can potentially trick the bootloader into booting images that have not been verified.

**Recommendations**

- Update to barebox version 2025.09.3 or later.
- Update to barebox version 2026.03.1 or later.
PT-2025-6747 · CVSS 7.1 · 2025-02-17 · Barebox · Barebox · CVE-2024-57261

**Name of the Vulnerable Software and Affected Versions**

- barebox versions prior to 2025.01.0

**Description**

The issue is an integer overflow in the `request2size` function in `common/dlmalloc.c`.

**Recommendations**

- For versions prior to 2025.01.0, update to version 2025.01.0 or later to resolve the issue.