1781 matches found

BDU FSTEC
added 2022/11/17 12:0 a.m., 1 view

A vulnerability in the grub_font_construct_glyph() function of the GRUB2 bootloader allows an attacker to execute arbitrary code.

The vulnerability in the grub_font_construct_glyph function, part of the GRUB2 bootloader, is caused by an operation that goes beyond the buffer boundaries in memory when processing specially crafted glyphs in the pf2 format. Exploiting this vulnerability allows an...

CVSS: 6.4, AI score: 7.6, EPSS: 0.00514
Exploits: 0, References: 19, Affected Software: 11

CVE
added 2022/11/03 7:29 p.m., 70 views

CVE-2022-37908

CVE-2022-37908 affects ArubaOS bootloader on Aruba 7xxx series controllers. The root cause, as described in connected sources, is a bootloader integrity issue that allows an authenticated attacker to impact the integrity of the bootloader and, consequently, compromise the hardware chain of trust ...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00231
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2022/11/03 7:29 p.m., 4 views

CVE-2022-37908

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller...

CVSS: 5.8, AI score: 6.5, EPSS: 0.00231
Exploits: 0, References: 1

Cvelist
added 2022/11/03 7:29 p.m., 16 views

CVE-2022-37908

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller...

CVSS: 5.8, AI score: 6.6, EPSS: 0.00231
Exploits: 0, References: 1

CVE
added 2022/11/03 7:22 p.m., 73 views

CVE-2022-37907

ArubaOS bootloader on 7xxx series Mobility Controllers is affected by a DoS vulnerability that can cause a system hang requiring a power cycle. The issue stems from the bootloader and impacts availability (CVE-2022-37907). The public description consistently states DoS as the outcome; explicit ex...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00565
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2022/11/03 7:22 p.m., 6 views

CVE-2022-37907

A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller...

CVSS: 5.8, AI score: 7.3, EPSS: 0.00565
Exploits: 0, References: 1

OSV
added 2022/11/03 6:15 p.m., 3 views

CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 3

Prion
added 2022/11/03 6:15 p.m., 15 views

Default credentials

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

CVSS: 1.7, AI score: 5.6, EPSS: 0.00172
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2022/11/03 5:25 p.m., 53 views

CVE-2022-3675

CVE-2022-3675 affects Fedora CoreOS where a misconfiguration in GRUB password handling allows booting non-default OSTree deployments without entering a password, potentially reverting security fixes. Affected behavior: GRUB password protects access to GRUB CLI and kernel cmdline modifications, bu...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00172
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2022/11/03 5:25 p.m., 9 views

CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

CVSS: 2.6, AI score: 5.7, EPSS: 0.00172
Exploits: 0, References: 3

Cvelist
added 2022/11/03 5:25 p.m., 14 views

CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

CVSS: 2.6, AI score: 5.9, EPSS: 0.00172
Exploits: 0, References: 3

ICS
added 2022/11/03 6:0 a.m., 47 views

Nokia ASIK AirScale System Module

1. EXECUTIVE SUMMARY: CVSS v3 8.4; ATTENTION: Low attack complexity; Vendor: Nokia; Equipment: ASIK AirScale 5G Common System Module; Vulnerabilities: Improper Access Control for Volatile Memory Containing Boot Code, Assumed-Immutable Data is Stored in Writable Memory. 2. RISK EVALUATION: Successful...

CVSS: 8.8, AI score: 8.5, EPSS: 0.0022
Exploits: 0, References: 10

Positive Technologies
added 2022/11/03 12:0 a.m., 3 views

PT-2022-24141 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions on 7xxx series controllers (affected versions not specified). Description: A denial of service (DoS) condition can occur on an impacted system due to a vulnerability in the ArubaOS bootloader. This can cause a system hang that can...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00565
Exploits: 0, References: 3

Positive Technologies
added 2022/11/03 12:0 a.m., 3 views

PT-2022-24142 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions on 7xxx series controllers (affected versions not specified). Description: An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00231
Exploits: 0, References: 5

OSV
added 2022/11/02 6:15 p.m., 2 views

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVSS: 9.1, AI score: 5.8
Exploits: 0, References: 2

NVD
added 2022/11/02 6:15 p.m., 19 views

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVSS: 9.1, EPSS: 0.00804
Exploits: 1, References: 2

CVE
added 2022/11/02 5:25 p.m., 53 views

CVE-2022-24936

CVE-2022-24936 is a vulnerability in Silicon Labs Gecko Bootloader’s GBL parser, affecting Gecko Bootloader versions 4.0.1 and earlier. The issue is an out-of-bounds error in the GBL parser that could let an attacker overwrite critical flash keys (Sign key and OTA decryption key) through a malici...

CVSS: 9.1, AI score: 8.9, EPSS: 0.00804
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2022/11/02 5:25 p.m., 6 views

CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVSS: 8.3, AI score: 9.2, EPSS: 0.00804
Exploits: 1, References: 2

Cvelist
added 2022/11/02 5:25 p.m., 23 views

CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVSS: 8.3, AI score: 9.3, EPSS: 0.00804
Exploits: 1, References: 2

Positive Technologies
added 2022/11/02 12:0 a.m., 4 views

PT-2022-16996 · Silicon · Gecko Bootloader

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions 4.0.1 and earlier. Description: The issue is related to an Out-of-Bounds error in the GBL parser, which allows an attacker to overwrite the flash Sign key and OTA decryption key via a malicious bootloader...

CVSS: 9.1, AI score: 8.9, EPSS: 0.00804
Exploits: 1, References: 4