grub2: shim_lock verifier allows non-kernel files to be loaded

A flaw was found in grub2. The shimlock verifier from grub2 allows non-kernel files to be loaded when secure boot is enabled, giving the possibility of unverified code or modules to be loaded when it should not be allowed...

grub2: Crafted PNG grayscale images may lead to out-of-bounds write in heap

A flaw was found in grub 2, where a crafted 16-bit grayscale PNG image may lead to an out-of-bounds write. This flaw allows an attacker to corrupt the data on the heap portion of the grub2's memory, leading to possible code execution and the circumvention of the secure boot mechanism...

Google Android Information Disclosure Vulnerability (CNVD-2022-62203)

Google Android is a Linux-based open source operating system from Google, Inc. Bootloader is one of the bootloaders. The vulnerability stems from incorrect boundary checking, which could lead to out-of-bounds reads. An attacker could exploit the vulnerability to obtain sensitive information...

Fedora: Security Advisory for grub2 (FEDORA-2022-27932fdd06)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: grub2-2.06-42.fc36

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

UBUNTU-CVE-2022-30790

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552...

grub2 缓冲区错误漏洞

grub2 is a Linux system boot program from the GNU community. A buffer error vulnerability exists in grub2, which can be exploited by an attacker to cause a buffer underflow write in the heap via a carefully crafted JPEG image...

Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and...

SUSE SLED15 / SLES15 Security Update : kernel-firmware (SUSE-SU-2022:1923-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1923-1 advisory. - Failure to flush the Translation Lookaside Buffer TLB of the I/O memory management unit IOMMU may lead an IO...

PT-2022-6874 · Shim +9 · Shim +9

Name of the Vulnerable Software and Affected Versions: shim affected versions not specified Description: The issue is related to the handle image function in the UEFI bootloader shim, which is vulnerable to a buffer overflow when processing EFI files that take into account the SizeOfRawData field...

Out-of-bounds

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses...

CVE-2021-26361

The CVE-2021-26361 vulnerability affects AMD ASP/AGESA Boot Loader where a malicious or compromised UApp or ABL could exfiltrate arbitrary memory from the ASP stage 2 bootloader, leading to information disclosure. The issue is tied to the boot firmware stack (AGESA PI) across multiple AMD platfor...

CVE-2021-26369

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses...

AMD System Management Unit 缓冲区错误漏洞

The AMD System Management Unit SMU is a system management unit at AMD in the United States. A security vulnerability exists in the AMD System Management Unit that originates from the use of a malicious or compromised UApp or ABL to send a misformatted system call to the bootloader, resulting in...

PT-2022-9737 · Amd · Agesa Boot Loader +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised User Application UApp or AGESA Boot Loader ABL could be used by an attacker to exfiltrate arbitrary memory from the ASP stage...

AMD System Management Unit 信息泄露漏洞

The AMD System Management Unit SMU is a system management unit of AMD Corporation. A security vulnerability exists in the AMD System Management Unit that originates from the use of a malicious or corrupted user application UApp or AGESA bootloader ABL to filter arbitrary memory from the ASP stage...

PT-2022-9739 · Amd · Athlon™ Series +22

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area,...

PT-2022-9752 · Amd · Athlon™ Series +50

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader, potentially leading to...

CVE-2021-26347

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

Integer overflow

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...