Description
RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Published: 2026-03-31
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: Integrity Compromise
Action: Immediate Patch
AI Analysis

Impact

RAUC, the update manager for embedded Linux devices, contains an integer overflow (CWE-196, an unsigned-to-signed conversion error) in its handling of plain-format bundles whose payload exceeds 2 GiB. The length of the signed region is miscomputed, so the signature covers only the first few bytes of the payload instead of all of it. An attacker holding a bundle that carries a legitimate signature can therefore modify the uncovered remainder of the payload without signature verification failing. This defeats RAUC's built-in integrity check (CWE-347, improper verification of cryptographic signature) and allows malicious code or corrupted data to be introduced into the update.

Affected Systems

This vulnerability affects RAUC releases older than v1.15.2 when they process plain-format bundles; the advisory names only the 'plain' bundle format. RAUC is used on a wide range of embedded products for over-the-air and USB-based firmware updates. The fix is in release v1.15.2 and all later revisions.

Risk and Exploitability

The CVSS v4.0 score is 7.2 (High). Exploitation requires a plain-format bundle larger than 2 GiB that already carries a legitimate signature; the attacker modifies the part of the payload the signature does not cover and then gets the tampered copy to a device that accepts it as a trusted update. No local privilege escalation is needed, but the attacker must be able to obtain such a bundle and place the modified copy in the device's update path. The vulnerability is not listed in CISA's KEV catalog and EPSS data are not available.

Generated by OpenCVE AI on March 31, 2026 at 15:05 UTC.

Remediation

The CVE description states that the issue is fixed in RAUC v1.15.2; no separate workaround is documented on this page.

OpenCVE Recommended Actions

  • Update RAUC to version 1.15.2 or later, which fixes the integer overflow so that the signature again covers the whole payload.
  • If an immediate update is not possible, reject any plain-format bundle whose payload exceeds 2 GiB before it reaches the unpatched verifier; the size check must run outside the vulnerable code path (for example in the update client before RAUC is invoked). Smaller bundles are not affected by this issue.
  • Keep update channels authenticated and accept only signed bundles; as a temporary safeguard, verify a hash of the entire bundle file against a value obtained through a trusted channel, since a hash shipped alongside an untrusted bundle adds nothing.
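The following C program is an added example, not RAUC's own code and not part of the advisory. It illustrates both the narrowing bug described under Impact and the interim size gate recommended above. It assumes a simplified plain-bundle layout (payload, then signature, then an 8-byte big-endian signature-length trailer) and uses INT_MAX as the cut-off; both are modelling assumptions for the example, and the function names (`read_trailer`, `signed_len_narrowed`, `signed_len_checked`, `plain_bundle_safe_for_unpatched`) are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Modelling assumption for this example (not a description of RAUC's code):
 * a 'plain' bundle is laid out as
 *   [ payload ][ signature ][ 8-byte big-endian signature length ]
 * so the signed region is everything before the signature. */
#define TRAILER_LEN 8ULL
#define ONE_GIB     (1024ULL * 1024 * 1024)

/* Decode the 8-byte big-endian trailer into the signature length. */
uint64_t read_trailer(const uint8_t trailer[8]) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | trailer[i];
    return v;
}

/* The unsafe pattern (CWE-196): a 64-bit length is narrowed to a 32-bit
 * signed int. Once the payload reaches 2 GiB the value no longer fits and
 * becomes negative (implementation-defined; wraps on GCC/Clang), so whatever
 * consumes it no longer covers the whole payload. */
int signed_len_narrowed(uint64_t file_size, uint64_t sig_len) {
    uint64_t payload = file_size - sig_len - TRAILER_LEN;
    return (int)payload;
}

/* Hardened computation: stay in 64-bit arithmetic and refuse any trailer
 * value that would make the subtraction underflow. */
bool signed_len_checked(uint64_t file_size, uint64_t sig_len, uint64_t *payload_len) {
    if (file_size < TRAILER_LEN)
        return false;
    if (sig_len > file_size - TRAILER_LEN)
        return false;
    *payload_len = file_size - TRAILER_LEN - sig_len;
    return true;
}

/* Pre-flight gate for the interim mitigation: given the bundle's file size
 * and its last 8 bytes, decide whether an unpatched verifier may be handed
 * this bundle. Payloads above INT_MAX (just under 2 GiB) are rejected, a
 * deliberately conservative reading of "exceeding 2 GiB". */
bool plain_bundle_safe_for_unpatched(uint64_t file_size, const uint8_t trailer[8], uint64_t *payload_len) {
    uint64_t sig_len = read_trailer(trailer);
    if (!signed_len_checked(file_size, sig_len, payload_len))
        return false;
    return *payload_len <= (uint64_t)INT_MAX;
}

int main(void) {
    /* Constructed sample: a 1000-byte file whose trailer declares a 100-byte signature. */
    const uint8_t trailer[8] = {0, 0, 0, 0, 0, 0, 0, 100};
    uint64_t payload = 0;
    printf("1000-byte bundle safe: %s (payload %llu bytes)\n",
           plain_bundle_safe_for_unpatched(1000, trailer, &payload) ? "yes" : "no",
           (unsigned long long)payload);

    /* Constructed sample: the same 100-byte signature behind a payload of 2 GiB + 16. */
    uint64_t big_file = 2 * ONE_GIB + 16 + 100 + TRAILER_LEN;
    printf("2 GiB+16 bundle safe: %s\n",
           plain_bundle_safe_for_unpatched(big_file, trailer, &payload) ? "yes" : "no");
    printf("narrowed signed length: %d\n", signed_len_narrowed(big_file, 100));
    return 0;
}
```

The gate only needs the file size and the last eight bytes, so it can run on the update client before the bundle is handed to RAUC; it does not replace signature verification, it only keeps bundles in the size range the advisory describes as affected away from an unpatched verifier.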


Tracking


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                 Values Removed    Values Added
First Time appeared  -                 Rauc; Rauc rauc
Vendors & Products   -                 Rauc; Rauc rauc

Tue, 31 Mar 2026 16:15:00 +0000

Type      Values Removed    Values Added
Metrics   -                 ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 13:45:00 +0000

Type          Values Removed    Values Added
Description   -                 RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Title         -                 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB
Weaknesses    -                 CWE-196; CWE-347
References    -                 -
Metrics       -                 cvssV4_0 {'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:45:04.506Z

Reserved: 2026-03-25T20:12:04.196Z

Link: CVE-2026-34155

Vulnrichment

Updated: 2026-03-31T15:44:57.041Z

NVD

Status : Received

Published: 2026-03-31T14:16:11.997

Modified: 2026-03-31T14:16:11.997

Link: CVE-2026-34155

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:39Z

Weaknesses