1736 matches found
CVE-2021-46750
CVE-2021-46750 describes a failure to validate address and size in a Trusted Execution Environment (TEE) that could allow a local x86 attacker to send malformed messages to the graphics mailbox, causing overlap of a previously allocated Trusted Memory Region (TMR) by the ASP bootloader and potent...
CVE-2025-36907
In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...
PT-2025-36381
Name of the Vulnerable Software and Affected Versions: ASP affected versions not specified Description: An out-of-bounds read issue exists in the ASP bootloader. A privileged attacker with access to a malicious bootloader could potentially read sensitive memory, leading to a loss of...
CVE-2023-21472
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write
...
CVE-2025-36907
In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...
Grub2: commands/extcmd: missing check for failed allocation
...
Grub2: grub-core/gettext: integer overflow leads to heap oob write.
...
CVE-2025-36907
In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...
CVE-2025-36907
In drawsurfaceimage of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for...
CVE-2025-36907
CVE-2025-36907 affects the Android Pixel stack: a heap buffer overflow in the draw_surface_image() function of abl/android/lib/draw/draw.c allows an out-of-bounds write. This can lead to local elevation of privilege via USB fastboot after a bootloader unlock, with no additional execution privileg...
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
...
PT-2025-35890
Name of the Vulnerable Software and Affected Versions: abl affected versions not specified Description: A heap buffer overflow exists in the draw surface image function within abl/android/lib/draw/draw.c. This issue may lead to local escalation of privilege via USB fastboot after a bootloader...
CVE-2023-21472
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21472
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
CVE-2023-21473 involves the Exynos Fastboot USB Interface on Samsung Mobile devices, where improper input validation prior to SMR Apr-2023 Release 1 can allow a physical attacker to execute arbitrary code in the bootloader. The vulnerability affects the Fastboot interface and its handling, enabli...