1770 matches found
Design/Logic Flaw
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation...
CVE-2019-14715
CVE-2019-14715 affects Verifone Pinpad Payment Terminals. The root cause is an undocumented physical access path via an SBI bootloader memory write operation, enabling local access that can impact confidentiality, integrity, and availability as reflected by CVSS metrics (CVSSv3.1: AV=Physical, AC...
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation...
[SECURITY] Fedora 31 Update: grub2-2.02-110.fc31
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
Fedora: Security Advisory for grub2 (FEDORA-2020-e19b87f4f5)
The remote host is missing an update for the...
Looking for sophisticated malware in IoT devices
One of the motivations for this post is to encourage other researchers who are interested in this topic to join in, to share ideas and knowledge and to help build more capabilities in order to better protect our smart devices. Research background Smart watches, smart home devices and even smart...
Design/Logic Flaw
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage such as the bootloader...
The vulnerability in the implementation of the read_section_as_string() function of the Grub2 operating system allows an attacker to influence data integrity or cause service failures.
The vulnerability of the read_section_as_string function in the Grub2 operating system’s loader is related to the issue of data operations going beyond the buffer boundaries. This is because the maximum length of a UINT32_MAX is 1 byte. Exploiting this vulnerability could allow an attacker to influen...
GRUB2 contained integer overflows when handling the initrd command leading to a heap-based buffer overflow.
...
GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim
...
CVE-2020-8710
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2020-8710
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2020-8711
Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...
Improper access control
Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access...
USN-4432-2 grub2, grub2-signed regression
USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS syste...
GRUB2 Arbitrary Code Execution Vulnerability
On July 29, 2020, a research paper titled “There’s a Hole in the Boot” was made publicly available. This paper discusses a vulnerability discovered in the GRand Unified Bootloader version 2 (GRUB2) bootloader that may allow an attacker to execute arbitrary code at system boot time. The vulnerabilit...
grub2: Use-after-free redefining a function whilst the same function is already executing
GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...
grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow
A flaw was found in grub2 while handling symlinks on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this...
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...
grub2: Use-after-free redefining a function whilst the same function is already executing
GRUB2 contains a race condition in grub_script_function_create leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2...