Buffer overflow in Das U-Boot 2022.01 (8th June 2022)

Preface: It is not uncommon for the bootloader to be rewritten during a cyber attack. Malicious code present in the bootloader is executed after restart. The code then hijacks the Linux boot process in memory and downloads and executes malware with root privileges. Finally, the downloaded program attacks other devices through password scanning or remote code execution vulnerabilities.
The above scenario is capable of infecting various types of IoT devices, including those based on ARM and MIPS architectures. The target victim device uses U-Boot[1] as the bootloader and Linux as the operating system.

Background: Das U-Boot (normally shortened to U-Boot) is a universal bootloader designed for use with a variety of embedded devices. It is commonly used in IoT devices to manage the boot process into the main operating system. U-Boot allows you to update the firmware of your device over Ethernet. It uses the TFTP protocol to get the firmware images from a TFTP server running on your computer and programs them onto the eMMC of the device.

Vulnerability details: Hole Descriptor Overwrite in U-Boot IP Packet Defragmentation Leads to Arbitrary Out of Bounds Write Primitive (CVE-2022-30790).

Impact: The U-Boot implementation of RFC815 IP DATAGRAM REASSEMBLY ALGORITHMS is susceptible to a Hole Descriptor overwrite attack which ultimately leads to an arbitrary write primitive.
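
RFC 815 suggests storing each hole descriptor inside the hole itself, which places list metadata in the same buffer as sender-supplied payload. The following is an added example, not U-Boot's code and not the project's fix: a reassembly routine that keeps the hole list in a separate array and validates the fragment offset and length before any copy. The names `reasm_init` and `reasm_add` and the sizes `REASM_MAX` and `MAX_HOLES` are hypothetical, chosen for illustration.

```c
#include <stdint.h>
#include <string.h>
#define REASM_MAX 256   /* assumed reassembly buffer size */
#define MAX_HOLES 8     /* assumed cap on tracked holes */

struct hole { uint16_t first, last; };   /* inclusive byte range still missing */
struct reasm {
    uint8_t buf[REASM_MAX];
    struct hole holes[MAX_HOLES];  /* kept outside buf, so payload cannot reach it */
    int nholes, total;             /* total is set by the MF=0 (final) fragment */
};

void reasm_init(struct reasm *r)
{
    memset(r, 0, sizeof(*r));
    r->holes[0] = (struct hole){ 0, REASM_MAX - 1 };  /* RFC 815 "infinity", capped */
    r->nholes = 1;
}

/* Returns the datagram length once complete, 0 while incomplete, -1 if rejected. */
int reasm_add(struct reasm *r, uint16_t off, const uint8_t *data,
              uint16_t len, int more_frags)
{
    struct hole out[MAX_HOLES + 2];
    int n = 0, end = off + len;
    /* Validate the sender-controlled offset and length before any write. */
    if (len == 0 || off >= REASM_MAX || len > REASM_MAX - off ||
        (more_frags && len % 8) ||
        (r->total && (end > r->total || (!more_frags && end != r->total))))
        return -1;
    uint16_t first = off, last = (uint16_t)(end - 1);
    for (int i = 0; i < r->nholes; i++) {
        struct hole h = r->holes[i];
        if (first > h.last || last < h.first) {
            out[n++] = h;                          /* fragment misses this hole */
        } else {
            if (first > h.first)                   /* part left before the fragment */
                out[n++] = (struct hole){ h.first, (uint16_t)(first - 1) };
            if (last < h.last && more_frags)       /* part left after the fragment */
                out[n++] = (struct hole){ (uint16_t)(last + 1), h.last };
        }
        if (n > MAX_HOLES) return -1;              /* too many holes: drop, no write */
    }
    memcpy(r->buf + off, data, len);               /* in bounds by the checks above */
    memcpy(r->holes, out, (size_t)n * sizeof(out[0]));
    r->nholes = n;
    if (!more_frags) r->total = end;
    return n == 0 ? r->total : 0;
}
```

A rejected fragment changes neither the buffer nor the hole list, because both are written only after every check has passed.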

Remedy: This bug was disclosed to the U-Boot support team and will be fixed in an upcoming patch. Update to the latest master branch version once the fix has been committed.

For more information on this vulnerability, see the following link: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
