CVE-2023-53101 ext4: zero i_disksize when initializing the bootloader inode

In the Linux kernel, the following vulnerability has been resolved: ext4: zero idisksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4IOCSWAPBOOT inode will initialize it, including setting the isize to 0. However, if the "never before used"...

CVE-2023-53101 ext4: zero i_disksize when initializing the bootloader inode

In the Linux kernel, the following vulnerability has been resolved: ext4: zero idisksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4IOCSWAPBOOT inode will initialize it, including setting the isize to 0. However, if the "never before used"...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4 filesystem not properly initializing the idisksize of the bootloader inode, which could result in a...

GNU GRUB2 Buffer Overflow Vulnerability (CNVD-2025-09674)

GNU GRUB2 is a Linux system bootloader from the GNU community. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from the reiserfs fs module not properly checking for integer overflow issues, which can be exploited by an attacker to cause a heap out-of-bounds write, corrupt critic...

SUSE CVE-2025-22102

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix kernel panic during FW release This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1...

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface UEFI Secure Boot as well ...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

B&R Industrial Automation B&R APROL 访问控制错误漏洞

B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. An access control error vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-01, which stems from a lack of critical function authentication in the GRUB...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

CVE-2024-56336

The CVE-2024-56336 issue affects Siemens SINAMICS S200 devices with serial prefixes SZVS8/SZVS9/SZVS0/SZVSN and FS 02, where an unlocked bootloader enables injection of malicious code or installation of untrusted firmware. The vulnerability stems from the unsecured bootloader, compromising device...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

Siemens SINAMICS S200

SUMMARY A specific range of produced SINAMICS S200 devices contains an unlocked bootloader vulnerability that could allow an attacker to download untrusted firmware that could damage or compromise the device. For delivered products listed below Siemens recommends countermeasures. 2. GENERAL...

Siemens SINAMICS S200 授权问题漏洞

The Siemens SINAMICS S200 is a single-axis AC servo drive system from Siemens, Germany. An authorization issue vulnerability exists in the Siemens SINAMICS S200 that originates from an unlocked bootloader and could allow an attacker to inject malicious code or install untrusted firmware...

GNU GRUB2 Buffer Overflow Vulnerability

GNU GRUB2 is an open source bootloader used to load the operating system kernel when the computer boots. GNU GRUB2 suffers from a buffer overflow vulnerability that originates from an integer overflow when reading data from the squash4 file system. An attacker can exploit this vulnerability to...

Linux Distros Unpatched Vulnerability : CVE-2022-34302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In...

Linux Distros Unpatched Vulnerability : CVE-2022-34303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to lo...