K000151375: Intel Slim Bootloader vulnerability CVE-2025-20083
Security Advisory Description: Improper authentication in the firmware for the Intel® Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access (CVE-2025-20083). Impact: There is no impact; F5 products are not affected by this vulnerability. Security...
CVE-2025-20083
Improper authentication in the firmware for the Intel® Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2025-20083
CVE-2025-20083 affects Intel® Slim Bootloader. Description: improper authentication in the firmware may allow a privileged user to escalate privileges via local access. References indicate Intel issued an advisory (INTEL-SA-01290) with mitigation guidance and affected platforms; CVSS scores shown...
grub2: commands/extcmd: Missing check for failed allocation
A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for grub's argument list. However, it fails to check whether the memory allocation failed. Once the allocation fails, a NULL pointer will be processed by the parse_option() function, leading...
grub2: reader/jpeg: Heap OOB Write during JPEG parsing
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...
grub2: fs/ufs: OOB write in the heap
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
Intel® Slim Bootloader Advisory
Summary: A potential security vulnerability in the Intel® Slim Bootloader may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-20083 Description: Improper authentication in the firmware for the Inte...
PT-2025-21090 · Intel · Intel Slim Bootloader
Name of the Vulnerable Software and Affected Versions: Intel® Slim Bootloader (affected versions not specified). Description: The issue is related to improper authentication in the firmware, which may allow a privileged user to potentially enable escalation of privilege via local access...
ALSA-2025:7241 Moderate: rust-bootupd security update
Bootloader updater. Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free (CVE-2025-24898). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...
RHEL 9 : rust-bootupd (RHSA-2025:7241)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7241 advisory. Bootloader updater. Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free (CVE-2025-24898). For more details about the security...
Intel Slim Bootloader Authorization Issue Vulnerability
Intel Slim Bootloader is a lightweight secure boot solution from Intel Corporation (USA), designed for Intel platforms. Intel Slim Bootloader suffers from an authorization issue vulnerability that stems from improper authentication and could lead to elevation of privilege...
SUSE CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
DEBIAN-CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
UBUNTU-CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
GNU GRUB Access Control Error Vulnerability
GNU GRUB is a Linux system boot program from the GNU community. An Access Control Error vulnerability exists in GNU GRUB, which stems from GRUB not clearing the key in memory during automatic TPM decryption, and can be exploited by an attacker to obtain unencrypted data...
CVE-2023-53101
In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode. If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used"...
CVE-2023-53101
CVE-2023-53101 affects the Linux kernel ext4 bootloader inode handling. The issue arises when EXT4_IOC_SWAP_BOOT initializes an inode with a non-zero i_size, causing i_disksize to remain non-zero and creating an i_size vs i_disksize inconsistency that can trigger a kernel warning (as shown in the...