1736 matches found
OESA-2024-1186 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints...
Advisory ROSA-SA-2024-2353
Software: shim 15; OS: rosa-server79; packageevrstring: shim-15-8.0.1.el7; CVE-ID: CVE-2023-40547; BDU-ID: 2024-00725; CVE-Crit: HIGH; CVE-DESC.: A vulnerability exists in the shim UEFI bootloader due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could...
CVE-2024-1633
During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which is based on a 32-bit unsigned integ...
PT-2024-18181 · Bl2 · Bl2
Name of the Vulnerable Software and Affected Versions: Bootloader versions c2f286820471ed276c57e603762bd831873e5a17 and later. Description: The issue occurs during the secure boot process, where the second stage of the bootloader, bl2, loops over images defined in the table "bl2_mem_params_descs"...
SUSE CVE-2024-1048
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not ...
CLSA-2024-1707226462 grub2: Fix of CVE-2023-4692
CVE-2023-4692: ntfs: checks to ensure that NTFS drive's sector numbers are never written beyond the boundary...
CVE-2024-20820
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read...
Input validation
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read...
CVE-2024-20820
The CVE-2024-20820 entry refers to improper input validation in the bootloader of Samsung mobile devices, allowing local privileged attackers to trigger an out-of-bounds read. Affected software is the bootloader prior to SMR Feb-2024 Release 1. Documented impact includes confidentiality and avail...
SAMSUNG Mobile devices buffer error vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. SAMSUNG Mobile devices SMR Feb-2024 Release 1 suffers from a buffer error vulnerability that stems from a security issue in the bootloader that could...
[SECURITY] Fedora 38 Update: grub2-2.06-114.fc38
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
[SECURITY] Fedora 39 Update: grub2-2.06-116.fc39
The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
Fedora: Security Advisory for grub2 (FEDORA-2024-633dc7e183)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-53d986312e)
The remote host is missing an update for the...
grub2: bypass the GRUB password protection feature
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...
ALSA-2024:0468 Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: bypass the...