CVE-2026-24795
📋 TL;DR
An out-of-bounds write vulnerability in CloverBootloader's Oniguruma regular expression module allows attackers to write data beyond allocated memory boundaries. This affects systems using CloverBootloader before version 5162, potentially leading to system crashes or arbitrary code execution during the boot process.
💻 Affected Systems
- CloverHackyColor CloverBootloader
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise during the boot process, allowing persistent malware installation or bricking the system.
Likely Case
System instability or crashes during boot, requiring physical intervention to recover.
If Mitigated
Limited impact if the system uses Secure Boot or other boot protections that detect tampering.
🎯 Exploit Status
Exploitation requires physical access or ability to modify boot configuration. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5162 and later
Vendor Advisory: https://github.com/CloverHackyColor/CloverBootloader/pull/733
Restart Required: Yes
Instructions:
1. Download CloverBootloader version 5162 or newer from the official repository.
2. Create a bootable USB with the updated version.
3. Boot from the USB and install the updated bootloader.
4. Reboot the system.
🔧 Temporary Workarounds
Disable Regular Expression Module
Remove or disable the vulnerable RegularExpressionDxe module from bootloader configuration
Edit config.plist to remove RegularExpressionDxe.efi from Drivers section
Enable Secure Boot
Use UEFI Secure Boot to prevent unauthorized bootloader modifications
Enable Secure Boot in UEFI/BIOS settings
🧯 If You Can't Patch
- Restrict physical access to systems using CloverBootloader
- Implement full disk encryption to protect against boot-time attacks
🔍 How to Verify
Check if Vulnerable:
Check the CloverBootloader version in the boot menu or by using the 'clover --version' command, if available
Check Version:
Check the version in the boot menu or examine the EFI partition for version files
Verify Fix Applied:
Verify that the installed CloverBootloader version is 5162 or higher
📡 Detection & Monitoring
Log Indicators:
- Unexpected system crashes during boot
- Bootloader error messages related to regular expressions
Network Indicators:
- None - this is a local boot-time vulnerability
SIEM Query:
Not applicable - local boot process vulnerability