CVE-2019-5679

NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader contains a vulnerability in nvtboot where the Trusted OS image is improperly authenticated, which may lead to code execution, denial of service, escalation of privileges, and information disclosure, code execution, denial of...

UBUNTU-CVE-2019-13104

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the whole stack while reading a crafted ext4 filesystem...

Das U-Boot Buffer Overflow Vulnerability (CNVD-2019-34814)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A buffer overflow vulnerability exists in Das U-Boot. An attacker could exploit this vulnerability to...

Das U-Boot Buffer Overflow Vulnerability (CNVD-2019-34809)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A buffer overflow vulnerability exists in Das U-Boot. An attacker could exploit this vulnerability to...

Das U-Boot Buffer Overflow Vulnerability (CNVD-2019-34811)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A buffer overflow vulnerability exists in Das U-Boot. An attacker could exploit this vulnerability to...

Das U-Boot Buffer Overflow Vulnerability (CNVD-2019-34808)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A buffer overflow vulnerability exists in Das U-Boot. An attacker could exploit this vulnerability to...

Das U-Boot Buffer Overflow Vulnerability (CNVD-2019-34818)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A buffer overflow vulnerability exists in Das U-Boot. An attacker could exploit this vulnerability to...

UBUNTU-CVE-2019-14193

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfsreadlinkreply, in the "if" block after calculating the new path length...

UBUNTU-CVE-2019-14203

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsmountreply...

NVIDIA Jetson TX1 Tegra bootloader local code execution vulnerability

NVIDIA Jetson TX1 is an embedded system development module from NVIDIA. A security vulnerability exists in the nvtboot of the Tegra bootloader in NVIDIA Jetson TX1 L4T R32 versions prior to R32.2, which stems from a failure of the program to first validate the load address when loading the...

CVE-2019-5680

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges...

CVE-2019-5680

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges...

Input validation

In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges...

CVE-2019-5680

CVE-2019-5680 affects NVIDIA Jetson TX1 on the L4T R32 branch prior to R32.2. The vulnerability is in the Tegra bootloader (nvtboot) where the nvtboot-cpu image is loaded without validating the load address first, which may allow code execution, denial of service, or privilege escalation. Public ...

Pixel Update Bulletin—July 2019Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel devices Google devices. For Google devices, security patch levels of 2019-07-05 or higher address all issues in this bulletin and all issues in the July 2019 Android...

Code injection

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2018-13909

CVE-2018-13909 involves Qualcomm bootloader metadata verification and partial hash system calls that may corrupt the parallel hashing state, causing unexpected behavior across Snapdragon SoCs (e.g., Auto, Compute, Mobile, etc.). The entry is supported by multiple sources (NVD, Red Hat, Android bu...

CVE-2018-13909

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

Input validation

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...