CVE-2021-46769

CVE-2021-46769 affects the AMD ASP bootloader (ASP) and allows a privileged attacker to trigger insufficient syscall input validation to perform arbitrary DMA copies, potentially leading to code execution. The AMD AMD-SB-3001 bulletin summarizes the impact as high for this CVE and links remediati...

CVE-2021-46769

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution...

shim: 3rd party shim allow secure boot bypass

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...

shim: 3rd party shim allow secure boot bypass

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

shim: 3rd party shim allow secure boot bypass

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

PT-2023-12089 · Unknown · Asp Bootloader

Name of the Vulnerable Software and Affected Versions: ASP bootloader affected versions not specified Description: A Time-of-Check-to-Time-of-Use TOCTOU issue in the ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory, potentially resulting in S3 data...

PT-2023-12569 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to insufficient input validation in the ASP bootloader, which may allow an attacker with a compromised Uapp or ABL to expose sensitive information to the...

PT-2023-12571 · Amd · Asp

Name of the Vulnerable Software and Affected Versions: ASP AMD Secure Processor bootloader affected versions not specified Description: The issue is related to insufficient validation of inputs in the SVC MAP USER STACK component of the ASP bootloader. This may allow an attacker with a malicious...

PT-2023-12093 · Amd · 1St Gen Amd Epyc™ Processors +110

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace,...

PT-2023-17449 · Unknown · Asp Bootloader

Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to improper access control settings in ASP Bootloader, which may allow an attacker to corrupt the return address, causing a stack-based buffer overrun. This coul...

CVE-2023-21489

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...

CVE-2023-21489

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...

Heap overflow

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...

CVE-2023-21489

CVE-2023-21489 is a heap out-of-bounds write vulnerability in the bootloader of Samsung Mobile devices, prior to SMR May-2023 Release 1, allowing a physical attacker to execute arbitrary code. The issue affects the bootloader function/section used during device startup and is exploitable with phy...

PT-2023-18242 · Unknown · Bootloader

Name of the Vulnerable Software and Affected Versions: Bootloader versions prior to SMR May-2023 Release 1 Description: A heap out-of-bounds write issue allows a physical attacker to execute arbitrary code. Recommendations: For versions prior to SMR May-2023 Release 1, update to SMR May-2023...

CVE-2023-21489

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...

CVE-2023-21489

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code...

SAMSUNG Mobile devices 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR May-2023 Release 1 version, which stemmed from a bootloader program that...

CVE-2023-27826

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem function...

Command injection

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem function...