CVE-2021-46766
CVE-2021-46766 is reported as a vulnerability in AMD ASP/ASP Bootloader where improper clearing of sensitive data may expose secret keys to a privileged attacker with access to ASP SRAM, potentially compromising confidentiality. Concrete technical context appears in accompanying advisories: AMD’s...
AMD Secure Processor Security Vulnerability
AMD Secure Processor (ASP) is a standalone ARM Cortex-A5 chip from AMD. A security vulnerability exists in AMD Secure Processor, which stems from insufficient validation of the SPI flash address in the bootloader, which could allow an attacker to read data mapped to memory other than the SP...
AMD EPYC Security Vulnerability
AMD EPYC is a line of x86 architecture server microprocessors from AMD, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC, which stems from a TOCTOU in the ASP bootloader that could allow an attacker with physical access to tamper with...
PT-2023-12580 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader (affected versions not specified). Description: The issue is related to the improper clearing of sensitive data in the ASP Bootloader, which may expose secret keys to a privileged attacker accessing ASP SRAM. This could potentiall...
PT-2023-17451 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader (affected versions not specified). Description: The issue is related to insufficient input validation in the ASP Bootloader, which may allow a privileged attacker with physical access to expose the contents of ASP memory. This cou...
PT-2023-8275 · Unknown +1 · Asp Bootloader +1
Name of the Vulnerable Software and Affected Versions: ASP Bootloader (affected versions not specified). Description: The issue is related to a Time-of-Check-to-Time-of-Use (TOCTOU) vulnerability in the ASP Bootloader, which may allow an attacker with physical access to tamper with SPI ROM records aft...
PT-2023-12572 · Amd · Amd Secure Processor
Name of the Vulnerable Software and Affected Versions: AMD Secure Processor (affected versions not specified). Description: The issue is related to insufficient validation of SPI flash addresses in the ASP bootloader, which may allow an attacker to read data in memory mapped beyond SPI flash. This...
OESA-2023-1801 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A vulnerability classified as critical has been found in rhboot shim up to 15.7 on ARM. This affects the function mirroroneesl of the file mok.c of the component mok...
Espressif Systems esptool Security Vulnerability
Espressif Systems esptool is a Python-based, open-source, platform-independent utility program from Espressif Systems that communicates with the ROM bootloader in the Espressif chip. A security vulnerability exists in Espressif Systems esptool version 4.6.2. An attacker could exploit this...
CVE-2023-3487
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots...
Integer overflow
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots...
CVE-2023-3487 Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots...
CVE-2023-3487
The CVE-2023-3487 entry affects Silicon Labs Gecko Bootloader versions 4.3.1 and earlier, caused by an integer overflow that enables unbounded memory access when reading from or writing to storage slots. The vulnerability could impact firmware handling of storage slots, with the disclosed data in...
PT-2023-25042 · Silicon · Gecko Bootloader
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions 4.3.1 and earlier. Description: The issue is related to an integer overflow in the Gecko Bootloader, which allows unbounded memory access when reading from or writing to storage slots. Recommendations: Fo...
Silicon Labs Gecko Bootloader Input Validation Error Vulnerability
Silicon Labs Gecko Bootloader is a bootloader from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Gecko Bootloader version 4.3.1 and prior versions that originated from allowing unrestricted memory access while reading or writing to a memory slot...
PT-2023-5885 · Grub2 +10 · Grub2 +10
Name of the Vulnerable Software and Affected Versions: Grub2 (affected versions not specified). Description: The issue is related to an out-of-bounds read flaw in Grub2's NTFS filesystem driver. This flaw may allow a physically present attacker to present a specially crafted NTFS file system image t...
Fastboot Fuzzing
TL;DR: The Fastboot protocol can often have hidden commands. Those commands can do interesting things. Conventionally they’re found by reverse engineering. Can’t find a copy of the firmware? Guess the commands. A custom implementation of the protocol enables fuzzing via dictionary or brute force. A simp...
CVE-2023-4041
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow', Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM Firmware Update File Parser modules allows Code Injection, Authentication Bypass. This issue affects "Standalone...