Design/Logic Flaw
The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2023-4818
The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...
CVE-2023-4818
CVE-2023-4818 affects PAX A920 bootloader downgrade due to a bug in the version check. The signature check remains intact and only bootloaders signed by PAX are accepted. Exploitation requires physical USB access to the device. The connected documents confirm the vulnerability and its physical-ac...
PT-2024-1564 · Pax · Pax A920
Name of the Vulnerable Software and Affected Versions: PAX A920 device affected versions not specified Description: The issue is related to a bug in the version check of the PAX A920 device's bootloader, allowing it to be downgraded. The device correctly checks the signature and only allows...
DEBIAN-CVE-2024-23301
Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root...
Information disclosure
Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920 allow Information Disclosure in the Bootloader...
CVE-2023-43122
CVE-2023-43122 concerns Samsung Mobile Processor and Wearable Processor families (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) and is described as an Information Disclosure in the Bootloader. The Red Hat entry and PT-Security/PT-2023-28707 corroborate the issue on these Exynos l...
CVE-2023-43122
Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920 allow Information Disclosure in the Bootloader...
PT-2023-28707 · Samsung · Exynos 1330 +8
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920 Description: The issue allows Information Disclosure in the Bootloader. Recommendations: At the moment, there is no information abou...
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4665-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4665-1 advisory. - Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds...
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4654-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4654-1 advisory. - Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds...
CVE-2023-42561
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code...
Heap overflow
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code...
CVE-2023-42561
CVE-2023-42561 is a heap out-of-bounds write vulnerability in the bootloader prior to Samsung SMR Dec-2023 Release 1. The issue allows a physical attacker to execute arbitrary code. No exploitation details are provided in the documents. Samsung’s security bulletin references a December 2023 patch...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung. A security vulnerability previously existed in SAMSUNG Mobile devices SMR Dec-2023 Release 1, which stemmed from a heap out-of-bounds write vulnerability in the...
PT-2023-9618 · Samsung · Samsung Android
Name of the Vulnerable Software and Affected Versions: Samsung mobile devices versions prior to SMR Feb-2024 Release 1 Description: The issue is related to improper input validation in the bootloader, which allows local privileged attackers to cause an Out-Of-Bounds read. This can potentially...
OESA-2023-1838 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirror_one_esl of the file mok.c of the component mok...