CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVE-2018-18558

Affected software: Espressif ESP-IDF 2.x and 3.x before 3.0.6, and 3.1.x before 3.1.1. Root cause: Insufficient validation of input data in the 2nd stage bootloader (process_segment in components/bootloader_support/src/esp_image_format.c). Vulnerability allows a physically proximate attacker to b...

UBUNTU-CVE-2019-11059

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow...

[SECURITY] Fedora 30 Update: grub2-2.02-75.fc30

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVE-2018-1992

The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker wer...

CVE-2018-1992

The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a buffer overflow vulnerability such that, if an attacker wer...

CVE-2018-1992

The IBM POWER9 boot firmware bootloader contains a buffer overflow in the initial boot image load path that could overwrite its own instruction memory and bypass secure boot protections, allowing trojan installation. Affected products/versions include FW910 boot firmware and OP910/OP920 OpenPOWER...

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.172/: Upgraded. These updates fix various bugs and many mostly minor security issues. Be sure to upgrade your initrd after upgrading the...

Linux: GRUB bootloader password

GRUB is the bootloader mainly used on Linux systems. If protected with a password, users can not enter or change boot parameters without a password. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Intel Optane SSD DC P4800X Denial of Service Vulnerability (CNVD-2019-02514)

The Intel Optane SSD DC P4800X is a solid state drive from Intel USA. A security vulnerability exists in the firmware update subroutine for the bootloader in versions prior to Intel Optane SSD DC P4800X E2010435. A local attacker could exploit this vulnerability to cause a denial of service...

CVE-2018-12167

Firmware update routine in bootloader for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...

Cryptocurrency Wallet Hacks Spark Dustup

LEIPZIG, GERMANY – Hardware based cryptocurrency wallets may not be as secure as promised. That’s the judgement of Dmitry Nedospasov, Thomas Roth and Josh Datko who together presented their research at a session here at the 35c3 conference called “wallet.fail.” In the talk the researchers...

The vulnerability of the HTC Bootloader component of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the HTC Bootloader of the Android operating system is related to errors in the authentication process for certificates. Exploiting this vulnerability can allow attackers to increase their privileges...

Google Android Bootloader Component Privilege Permission and Access Control Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bootloader is a bootloader. A security vulnerability exists in the Bootloader component in Android on Pixel devices. A local attacker can exploit the vulnerability to gai...

Google Android Bootloader Buffer Overflow Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Bootloader is a bootloader. A buffer overflow vulnerability exists in Bootloader in Android. An attacker could exploit this vulnerability to execute code or cause a denia...

Heap overflow

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader...

DENX U-Boot Buffer Overflow Vulnerability

DENX Software Engineering Das U-Boot is a set of bootloaders from DENX Software Engineering, Germany, that can read device configurations from AES encrypted files. A buffer overflow vulnerability exists in the filesystem image load function in DENX Software Engineering Das U-Boot, which stems fro...

CVE-2018-9580

A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002...

Privilege escalation

A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002...

CVE-2018-9580

CVE-2018-9580 is an Elevation of Privilege in the HTC bootloader affecting Android kernel components. The issue is categorized as EoP with high risk (CVSS v3.0 base score 9.8) and high impact on confidentiality, integrity, and availability; exploitation details or vectors are not disclosed in the...