ASB-A-174490700

In TBD of TBD, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation...

UBUNTU-CVE-2020-25632

A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of...

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed 'BootHole' and tracked as...

CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving rawresources. The LG ID is LVE-SMP-200006 May 2020...

homee Brain Cube Access Control Error Vulnerability

Homee Brain Cube is a smart home central control unit from Homee Germany. An access control error vulnerability exists in the bootloader in Homee Brain Cube V2 2.23.0 and earlier versions, which can be exploited by an attacker to gain root privileges by manipulating the U-Boot environment via the...

Google Android LG Bootloader Information Disclosure Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. LG Bootloader is one of the bootloaders. An information disclosure vulnerability exists in LG Bootloader in Android. The vulnerability stems from errors such as configuration during...

CVE-2019-13105

Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem...

UBUNTU-CVE-2019-14193

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfsreadlinkreply, in the "if" block after calculating the new path length...

CVE-2018-12167

Firmware update routine in bootloader for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...

Cryptocurrency Wallet Hacks Spark Dustup

LEIPZIG, GERMANY – Hardware based cryptocurrency wallets may not be as secure as promised. That’s the judgement of Dmitry Nedospasov, Thomas Roth and Josh Datko who together presented their research at a session here at the 35c3 conference called “wallet.fail.” In the talk the researchers...

The vulnerability of the HTC Bootloader component of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the HTC Bootloader of the Android operating system is related to errors in the authentication process for certificates. Exploiting this vulnerability can allow attackers to increase their privileges...

Google Android LG Component Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android LG component Bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

Huawei Mobile Phone Bootloader Memory Access Out-of-Bounds Vulnerability

Huawei P10 and P10 Plus are both smartphone products from Chinese company Huawei Huawei. A memory access out-of-bounds vulnerability exists in the Bootloader of Huawei P10 and P10 Plus due to lack of parameter checking. An attacker who has gained root access to Android could trick users into...

Huawei Cell Phone Write Arbitrary Memory Vulnerability

Huawei P10 and P10 Plus are both smartphone products from Chinese company Huawei Huawei. A write-anywhere memory vulnerability exists in the Bootloader of the Huawei P10 and P10 Plus due to a lack of parameter checking. An attacker who has gained root access to the Android system can trick the us...

Integer overflow

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

CVE-2016-10277 in MOTO X Mobile phone on the exploit practice-vulnerability warning-the black bar safety net

CVE-2016-10277 is present in the Motorola series phones bootloader high-risk vulnerabilities, you can by kernel command injection hijacking the phone startup process, loads the attacker's control of the initramfs, so as to achieve the root mention the right purpose. Our hands on just to have a...

How to pass kernel command injection bypass Nexus 6 safe start mode-bug warning-the black bar safety net

In 2017 5 on the Android security announcements, Google released a security patch that fixes the Nexus 6 bootloader in the discovery of a serious Vulnerability, CVE-2016-10277 in. Exploit this vulnerability, a physical attacker or a already have the bootloader locked down the target device...

PT-2017-3048 · Linux +3 · Linux +3

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is caused by a missing bounds check in the Linux kernel, specifically in the drivers/char/lp.c file. This allows an adversary with partial control over the kernel command line,...

Google Pixel Qualcomm Bootloader Information Disclosure Vulnerability (CNVD-2017-03822)

Android on Pixel and Pixel XL is a Linux-based open source operating system for the Pixel and Pixel XL smartphones developed by Google and the Open Handset Alliance OHA in the U.S. The Qualcomm bootloader is a U.S.-developed bootloader used in the Pixel and Pixel XL. Qualcomm bootloader is a...

Exploit the vulnerability to unlock the hammer T1/2 phone in bootloader-vulnerability warning-the black bar safety net

Author: Pangu lab About the bootloader lock Smartisan is a mobile phone is one of the few attracted to industrial design and user experience. Luo cross-border too much, but also inevitably lead to its initial idea and the reality gap. the bootloader really locked or not locked, or even had been a...