AMD EPYC Security Vulnerability

AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC, which stems from the fact that improperly clearing sensitive data from the ASP boot loader could expose keys to ...

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader SPL before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree FIT format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

PT-2024-2762 · Shim +6 · Shim +6

Name of the Vulnerable Software and Affected Versions: Shim versions for 32-bit systems Description: The issue is related to a buffer overflow in the UEFI boot loader shim for 32-bit systems. This overflow occurs due to an addition operation involving a user-controlled value parsed from the PE...

grub2 buffer error vulnerability

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that stems from an out-of-bounds write vulnerability in the NTFS file system driver...

Siemens EFI Boot Guard Code Execution Vulnerability

Siemens EFI Boot Guard is a simple UEFI boot loader from Siemens Germany. A code execution vulnerability exists in Siemens EFI Boot Guard versions prior to 0.15, which stems from insufficient input validation and cleanup, and can be exploited by an attacker to execute arbitrary code in privileged...

UBUNTU-CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...

CVE-2023-39950

Technical details for CVE-2023-39950 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

UBUNTU-CVE-2022-28736

There's a use-after-free vulnerability in grubcmdchainloader function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...

Use of Telnet in multiple SICK Flexi Soft and Flexi Classic Gateways

Several versions of the SICK Flexi Soft Gateways FX0-GENT, FX0-GMOD, FX0-GPNT and SICK Flexi Classic Gateway UE410 provide a Telnet interface for debugging, which is enabled by factory default. No password is set in the default configuration. If the password is not set by the customer, a remote...

grub2 bug fix and enhancement update

An update is available for grub2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a...

SUSE CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

SUSE CVE-2018-18439

DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image...

SUSE CVE-2019-13105

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem...

SUSE CVE-2021-26335

Improper input and range checking in the AMD Secure Processor ASP boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution...

SUSE CVE-2021-27097

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...

SUSE CVE-2022-30790

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...

Western Digital UFS 安全漏洞

Western Digital UFS is an application from Western Digital. A security vulnerability exists in Western Digital UFS, which stems from the fact that an attacker may be able to disable boot functionality or revert to old boot loader code if the host boot ROM code is not implemented properly...

CVE-2022-23005 Host Boot ROM Code Vulnerability in Systems Implementing UFS Boot Feature

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in...

GSD-2023-1001527 ext4: fix bug_on in __es_tree_search caused by bad boot loader inode

ext4: fix bugon in estreesearch caused by bad boot loader inode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...

GSD-2023-1000879 ext4: fix bug_on in __es_tree_search caused by bad boot loader inode

ext4: fix bugon in estreesearch caused by bad boot loader inode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...