CVE-2026-24796
📋 TL;DR
This CVE describes an out-of-bounds read in the Oniguruma regular expression module bundled with CloverBootloader. A crafted regular expression can make the bootloader read past a buffer boundary, disclosing memory contents or crashing the boot process. CloverBootloader revisions before 5162 are affected.
💻 Affected Systems
- CloverHackyColor CloverBootloader
⚠️ Manual Verification Required
The NVD entry for this CVE does not specify affected version ranges, so automated version matching cannot determine whether your build is affected.
Why? The only version information available comes from the vendor's fix (revision 5162, see the pull request under Official Fix), not from NVD, so detection has to compare your running Clover revision against that number manually.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure of sensitive memory contents, potential system crash leading to denial of service, or possible code execution if combined with other vulnerabilities.
Likely Case
System instability or crash when processing malicious regular expressions, potentially causing boot failures.
If Mitigated
Limited impact if systems are not exposed to untrusted regular expression input.
🎯 Exploit Status
Exploitation requires the ability to feed a malicious regular expression to the bootloader's Oniguruma module, which in practice means the ability to modify boot configuration files on the EFI system partition. No public exploit is referenced on this page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5162 and later
Vendor Advisory: https://github.com/CloverHackyColor/CloverBootloader/pull/732
Restart Required: Yes
Instructions:
1. Update CloverBootloader to revision 5162 or later.
2. Replace the existing bootloader files on the EFI system partition with the patched build.
3. Rebuild the boot configuration if necessary.
4. Reboot the system to apply the change.
🔧 Temporary Workarounds
Disable regular expression features:
- Remove or disable regular expression processing in the boot configuration
- Edit config.plist to remove regex-related configuration entries
- Disable the RegularExpressionDxe module if your build allows it
🧯 If You Can't Patch
- Restrict write access to the EFI system partition and the boot configuration files on it, so an attacker cannot plant a malicious pattern
- Monitor for unexpected crashes or hangs during the boot process
🔍 How to Verify
Check if Vulnerable:
Determine the CloverBootloader revision you are running and compare it with 5162; any revision below 5162 is unpatched.
Check Version:
CloverBootloader is a UEFI application and has no host-side command-line tool, so there is no "clover --version" command to run. The revision number is shown on the Clover boot menu and in the Clover boot log, which opens with a line of the form "Starting Clover revision: NNNN ...".
Verify Fix Applied:
After updating, confirm that the revision reported by the boot menu or boot log is 5162 or higher. Check the running revision rather than the downloaded package, since an old CLOVERX64.efi left on the EFI system partition will keep booting the unpatched code.
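The revision check described above, as an added example that is not part of this page or of the CloverBootloader project: a POSIX shell script that pulls the revision number out of boot-log text (or out of a Clover EFI binary via strings(1)) and classifies it against the fixed revision 5162. It assumes the boot log reports the revision as "Starting Clover revision: NNNN" and that the EFI binary embeds the same string; the sample log line is constructed. Check both assumptions against your own files before relying on the script.

```shell
#!/bin/sh
# Added example, not from the advisory page or the CloverBootloader project.
# Classifies a Clover revision against the fixed revision (5162) named in the
# advisory. Assumptions not stated on the page: the Clover boot log contains a
# line "Starting Clover revision: NNNN ..." and the EFI binary embeds the same
# string, so strings(1) from binutils can recover it. Verify both against your
# own files before trusting the result.

FIXED_REV=5162

# Constructed sample log line, shaped like the first lines of a Clover boot log.
SAMPLE_LOG='0:100  0:100  Starting Clover revision: 5158 (master) on American Megatrends EFI'

# Read log text on stdin and print the first numeric revision found, or nothing.
clover_rev_from_log() {
  sed -n 's/.*Clover revision: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Recover the revision from a Clover EFI binary, e.g. EFI/CLOVER/CLOVERX64.efi.
clover_rev_from_efi() {
  strings "$1" | clover_rev_from_log
}

# Print "vulnerable" (below the fix), "fixed" (fix or later) or "unknown"
# (empty or non-numeric input, e.g. the revision line was not found).
clover_status() {
  rev="$1"
  case "$rev" in
    ''|*[!0-9]*) echo unknown; return 0 ;;
  esac
  if [ "$rev" -lt "$FIXED_REV" ]; then
    echo vulnerable
  else
    echo fixed
  fi
}

# One-line verdict for boot-log text passed as a string.
clover_report() {
  rev=$(printf '%s\n' "$1" | clover_rev_from_log)
  case "$(clover_status "$rev")" in
    vulnerable) echo "revision $rev: vulnerable (below $FIXED_REV), update Clover" ;;
    fixed)      echo "revision $rev: fixed ($FIXED_REV or later)" ;;
    *)          echo "revision unknown: read it from the Clover boot menu instead" ;;
  esac
}

# Usage: pass a saved boot log as argument 1; without one the sample line is used.
if [ -n "$1" ] && [ -r "$1" ]; then
  clover_report "$(cat "$1")"
else
  clover_report "$SAMPLE_LOG"
fi
```

Run it against a saved boot log, or call clover_rev_from_efi on the CLOVERX64.efi actually present on the EFI system partition; the latter is the more reliable check because it reads the binary that will boot next, not a log from a previous boot. A result of "unknown" means the assumed revision string was not found and the boot menu should be consulted directly.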
📡 Detection & Monitoring
Log Indicators:
- Unexpected system crashes during boot
- Bootloader error messages related to regular expression parsing
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Not applicable: the bootloader runs before the operating system and its logging agents, so boot-time faults do not reach a typical SIEM unless the saved Clover boot log is collected afterwards.