UBUNTU-CVE-2020-10648

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...

Reverse Engineering the Tesla Firmware Update Process

TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...

How to prevent a rootkit attack

If you're ever at the receiving end of a rootkit attack, then you'll understand why they are considered one of the most dangerous cyberthreats today. Rootkits are a type of malware designed to stay undetected on your computer. Cybercriminals use rootkits to remotely access and control your machin...

AZL-41815 CVE-2014-3591 affecting package grub2 for versions less than 2.06-25

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

[SECURITY] Fedora 31 Update: grub2-2.02-103.fc31

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVE-2019-17391

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...

CVE-2019-17391

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...

Google Android OS Command Injection Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. LG Bootloader is one of the bootloaders. A security vulnerability exists in the LG Bootloader component of Android. An attacker can exploit the vulnerability to elevate privileges...

PT-2019-6219 · Espressif · Esp32

Name of the Vulnerable Software and Affected Versions: Espressif ESP32 mask ROM code versions 2016-06-08 0 through 2 Description: The issue is related to the lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip, allowing an attacker with physical access to the device to...

CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Command injection

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2019-9467

CVE-2019-9467 affects Google's Android Bootloader (Bootloader/Android kernel component). The issue is a kernel command injection caused by missing command sanitization in the Bootloader, which can enable local privilege escalation to SYSTEM. Exploitation requires local access with high privileges...

CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Unspecified Vulnerability in NVIDIA Shield TV Experience

The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. A security vulnerability exists in the bootloader of the NVIDIA Tegra software in NVIDIA Shield TV Experience version 8.0.1, which originates from the program's failure to validate fields in the...

CVE-2019-5700

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...

CVE-2019-5700

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure...

CVE-2019-5699

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, co...

CVE-2019-5699

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, co...

Buffer overflow

NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, co...