CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images...

PT-2024-7445 · Samsung · Samsung Android

Name of the Vulnerable Software and Affected Versions: Samsung Android mobile devices affected versions not specified Samsung Android mobile devices versions prior to SMR May-2024 Release 1 Description: The issue is related to weaknesses in the authentication procedure of the bootloader component...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR May-2024 Release 1, which originates from an authentication bypass in the bootloader...

SUSE-SU-2024:1507-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: cobbler: - Provide option to use pre-built GRUB bootloader - Prevent parallel executions of cobbler sync actions bsc1218764 image-sync-formula: - Update to version 0.1.1711646883.4a44375 Add missing URL tag Update license to SPDX syntax inter-server-sync: -...

[SECURITY] Fedora 38 Update: grub2-2.06-118.fc38

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

grub2: grub2-set-bootflag can be abused by local (pseudo-)users

A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...

[SECURITY] Fedora 39 Update: grub2-2.06-120.fc39

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVE-2024-32883

MCUboot is affected by an issue where unprotected TLV entries can be injected into a signed image, because the protected/unprotected TLV distinction is not enforced. This can allow an attacker to influence dependency indications or boot records, potentially causing a processed image to be rejecte...

CVE-2024-32883 MCUboot Injection attack of unprotected TLV values

MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV tag-length-value structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

MCUboot 安全漏洞

MCUboot is an open source secure bootloader for 32-bit microcontrollers from mcu-tools. A security vulnerability exists in MCUboot. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...

CVE-2024-23593

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges...

CVE-2024-23593

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges...

CVE-2024-23593

Technical details about CVE-2024-23593 (Lenovo bootloader privilege escalation) are not provided in the connected documents; monitoring for updates is advised.

CVE-2024-23593

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges...

ROS-20240411-07

A vulnerability in the UEFI shim bootloader is related to errors in the MZ binary format. Exploitation of the vulnerability could allow an attacker to cause a denial of service The shim UEFI bootloader vulnerability is related to out-of-bounds read errors when attempting to check the SBAT...

ROS-20240410-11

The vulnerability of the Grub2 operating system boot loader is related to incomplete clearing of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...

PC System Recovery Bootloader Vulnerabilities - Lenovo Support US

No description provided...

PT-2024-3000 · Microsoft · Windows 7 +2

Name of the Vulnerable Software and Affected Versions: Lenovo preloaded Windows versions 7 through 8 Description: A buffer overflow vulnerability was reported in a system recovery bootloader that could allow a privileged attacker with local access to execute arbitrary code. The vulnerability is...

PT-2024-2999 · Microsoft · Windows 8 +2

Name of the Vulnerable Software and Affected Versions: Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 Description: A vulnerability was reported in a system recovery bootloader that could allow a privileged attacker with local access to modify the boot manager and escalate...

CVE-2023-48426 Chromecast Bootloader & Kernel-level code-execution including compromise of user-data

u-boot bug that allows for u-boot shell and interrupt over UART...