PT-2025-35462
Name of the Vulnerable Software and Affected Versions: Cisco BootROM (affected versions not specified). Description: In BootROM, a missing validation check for Certificate Type 0 may allow for local privilege escalation without requiring additional execution privileges. Recommendations: At the momen...
PT-2025-35466
Name of the Vulnerable Software and Affected Versions: BootRom (affected versions not specified). Description: A missing payload size check in BootRom could lead to a memory buffer overflow, and does not require additional execution privileges. Recommendations: At the moment, there is no information...
PT-2025-35465
Name of the Vulnerable Software and Affected Versions: BootRom (affected versions not specified). Description: The BootRom software contains an unchecked command index issue. This could lead to local escalation of privilege without requiring additional execution privileges. Recommendations: At the...
CVE-2019-9536
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware...
CVE-2018-6240
NVIDIA Tegra contains a vulnerability in BootRom where a user with kernel level privileges can write an arbitrary value to an arbitrary physical address...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit (MCU) from Renesas, Japan. A security vulnerability exists in several Renesas products, which originates from the bootrom function responsible for validating the Flash product header directly usi...
PT-2024-20727 · Renesas · Renesas Smartbond
Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699. Description: An issue was discovered where the bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash...
Hirschmann HiOS Switches Heap-based Buffer Overflow (CVE-2019-12257)
DHCP packets may go past the local area network (LAN) via DHCP-relays, but are otherwise confined to the LAN. The DHCP-client may be used by VxWorks and in the bootrom. Bootrom, using DHCP/BOOTP, is only vulnerable during the boot-process. This vulnerability may be used to overwrite the heap, which...
Exploit for Out-of-bounds Read in Nxp Lpc55S69Jbd100_Firmware
CVE-2021-40154...
CVE-2021-0467
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
Out-of-bounds
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2021-0467
CVE-2021-0467 affects Chromecast bootROM with an out-of-bounds write caused by an incorrect bounds check. This allows local escalation of privilege in the bootloader with physical USB access and no user interaction. The Android bulletin notes fixes at 2021-05-01/2021-05-05 patch levels; no exploi...
HPE Intelligent Management Center (iMC) deployselectbootrom Expression Language Injection Remote Code Execution Vulnerability
HPE Intelligent Management Center (iMC) is a suite of network intelligent management center solutions from Hewlett Packard Enterprise (HPE). The solution provides network-wide visibility and enables comprehensive management of resources, services and users. A security vulnerability exists in HPE...
Unpatched Apple T2 Chip Flaw Plagues Macs
A researcher is claiming that Apple devices – with a macOS operating system and a T2 security chip – are open to an exploit that could give bad actors root access. A fix has not been issued by Apple. The flaw stems from the T2 chip, which is the second-generation version of Apple’s chip that...
You Can Now Run Android on an iPhone With 'Project Sandcastle'
Not happy with your expensive iPhone and wondered if it's possible to run any other operating system on your iPhone, maybe, how to install Android on an iPhone or Linux for iPhones? Android phones can be rooted, and iPhones can be jailbroken to unlock new features, but so far, it's been close to...
Security Bulletin: Jetson AGX Xavier, TK1, TX1, TX2, and Nano L4T - December 2019
NVIDIA has released a software security update for Jetson AGX Xavier, TK1, TX1, TX2, and Nano in the NVIDIA® Tegra® Linux Driver Package (L4T). The update addresses issues that may lead to code execution, denial of service, escalation of privileges, or information disclosure. To protect your system,...
Apple iPhone 3GS Non-Null Pointer Vulnerability
The Apple iPhone 3GS is a smartphone from the American company Apple. A security vulnerability exists in the Apple iPhone 3GS old bootrom and new bootrom. An attacker can exploit the vulnerability to install arbitrary firmware...