Description
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Published: 2026-03-31
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized modification due to incomplete signature coverage
Action: Apply patch
AI Analysis

Impact

RAUC, a firmware update manager for embedded Linux, suffers from an integer overflow when processing plain-format bundles larger than 2 GiB. The overflow limits the generated signature to only the first few bytes of the payload, so the remainder of the bundle is not integrity-checked. An attacker who can supply a malicious bundle can therefore alter the unchecked part of the firmware, violating the authenticity guarantee of the update process. The flaw maps to an unsigned-to-signed conversion error (CWE-196) and improper verification of a cryptographic signature (CWE-347).

Affected Systems

This vulnerability affects Pengutronix RAUC versions prior to 1.15.2 on embedded Linux platforms. Any system deploying a plain-format bundle larger than 2 GiB that was signed with those versions is at risk. The upstream fix in release 1.15.2 and later resolves the issue.

Risk and Exploitability

With a CVSS score of 7.2, the flaw is rated high severity, but an EPSS probability below 1% indicates it is not widely exploited in the wild. The vulnerability is not listed in the CISA KEV catalog, consistent with the low observed exploitation. Successful exploitation requires an attacker who can supply a bundle through the device’s update channel, for example via a compromised update server, supply-chain tampering, or physical access to the update mechanism. Once the modified bundle is installed, the device may run altered firmware or experience service disruption.

Generated by OpenCVE AI on April 3, 2026 at 18:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update RAUC to version 1.15.2 or later to apply the upstream fix
  • Verify all firmware bundles are signed and do not exceed 2 GiB in plain format before deployment
  • If an immediate update is not possible, restrict the device’s update interface to accept only trusted, signed bundles
  • Monitor update logs for any oversized plain-format bundles and investigate anomalies
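The size check in the recommended actions above can be automated at the build or staging step. The following Python helper is added here as an illustration and is not part of RAUC or OpenCVE; it assumes a plain-bundle layout of payload, then CMS signature, then an 8-byte big-endian signature length, and it models the overflow as a payload length that no longer fits a signed 32-bit integer, which is an assumption drawn from the 2 GiB threshold rather than from the RAUC source.

```python
import struct

TWO_GIB = 2 * 1024 ** 3          # threshold named in the advisory
INT32_MAX = 2 ** 31 - 1          # largest value a signed 32-bit C int can hold
TRAILER_LEN = 8                  # assumption: 8-byte big-endian signature length ends the bundle
FIXED_VERSION = (1, 15, 2)       # RAUC release that ships the fix for CVE-2026-34155


def fits_in_int32(length: int) -> bool:
    """Model of the overflow: a payload of 2 GiB or more no longer fits in a
    signed 32-bit length, which matches the advisory's 2 GiB threshold.
    This is an assumption about the mechanism, not RAUC's actual code."""
    return 0 <= length <= INT32_MAX


def parse_plain_bundle(bundle: bytes):
    """Split a plain bundle into (payload, signature) under the assumed layout
    payload || CMS signature || 8-byte big-endian signature length."""
    if len(bundle) <= TRAILER_LEN:
        raise ValueError("bundle too short to carry a signature trailer")
    (sig_len,) = struct.unpack(">Q", bundle[-TRAILER_LEN:])
    body_len = len(bundle) - TRAILER_LEN
    if sig_len == 0 or sig_len >= body_len:
        raise ValueError(f"implausible signature length {sig_len}")
    sig_start = body_len - sig_len
    return bundle[:sig_start], bundle[sig_start:body_len]


def assess_payload_len(payload_len: int, rauc_version: tuple) -> dict:
    """Decide whether a plain bundle of this payload size is safe to sign or
    install with the given RAUC version (major, minor, patch)."""
    oversized = payload_len > TWO_GIB
    return {
        "payload_len": payload_len,
        "oversized": oversized,
        "fits_in_int32": fits_in_int32(payload_len),
        "needs_patched_rauc": oversized and rauc_version < FIXED_VERSION,
    }


def build_fake_bundle(payload: bytes, signature: bytes) -> bytes:
    """Constructed fixture in the assumed layout; the signature bytes are dummy."""
    return payload + signature + struct.pack(">Q", len(signature))


if __name__ == "__main__":
    bundle = build_fake_bundle(b"\x00" * 4096, b"SIG" * 10)
    payload, sig = parse_plain_bundle(bundle)
    print(assess_payload_len(len(payload), (1, 15, 1)))
    print(assess_payload_len(TWO_GIB + 1, (1, 15, 1)))   # oversized, needs 1.15.2+
```

Run it against the actual bundle size (not the fixture) before an oversized plain bundle is signed or pushed to devices that still run a RAUC older than 1.15.2.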

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Pengutronix; Pengutronix rauc
CPEs | | cpe:2.3:a:pengutronix:rauc:*:*:*:*:*:*:*:*
Vendors & Products | | Pengutronix; Pengutronix rauc
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Rauc; Rauc rauc
Vendors & Products | | Rauc; Rauc rauc

Tue, 31 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Title | | RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB
Weaknesses | | CWE-196; CWE-347
References | |
Metrics | | cvssV4_0 {'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:45:04.506Z

Reserved: 2026-03-25T20:12:04.196Z

Link: CVE-2026-34155

Vulnrichment

Updated: 2026-03-31T15:44:57.041Z

NVD

Status : Analyzed

Published: 2026-03-31T14:16:11.997

Modified: 2026-04-03T15:53:01.463

Link: CVE-2026-34155

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T21:17:44Z

Weaknesses