CVE-2021-34388

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution...

Heap overflow

Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution...

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

Authorization

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

CVE-2021-33887

The CVE-2021-33887 issue affects Peloton TTR01 devices up to model PTV55G, where insufficient verification of data authenticity enables a physical attacker to boot into a modified kernel/ramdisk without unlocking the bootloader. Root cause: lack of integrity checks on boot data allows unauthorize...

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

Peloton TTR01 数据伪造问题漏洞

The Peloton TTR01 is a wireless device. A data forgery vulnerability exists in the Peloton TTR01, which arises from insufficient validation of data authenticity and can be exploited by an attacker with physical access to boot into a modified kernel ramdisk without unlocking the bootloader.The...

grub2: Heap out-of-bounds write in short form option parser

A flaw was found in grub2. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

多款Qualcomm产品缓冲区错误漏洞

The Qualcomm Snapdragon SOC Snapdragon Processor is a chip from Qualcomm Incorporated that is used in mobile devices to process information. A buffer error vulnerability exists in various Qualcomm products. The vulnerability stems from the fact that a non-secure bootloader can unlock and modify...

ASB-A-174490700

In TBD of TBD, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation...

[SECURITY] Fedora 33 Update: shim-unsigned-x64-15.4-5.fc33

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

Fedora: Security Advisory for shim (FEDORA-2021-cab258a413)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for shim-unsigned-aarch64 (FEDORA-2021-cab258a413)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: shim-15.4-4

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. This package contains the version signed by the UEFI signing service...

[SECURITY] Fedora 34 Update: shim-unsigned-aarch64-15.4-1.fc34

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

Fedora: Security Advisory for grub2 (FEDORA-2021-c5ed9c3970)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: grub2-2.06~rc1-2.fc34

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVE-2021-3418

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.261/: Upgraded. These updates fix various bugs and security issues, including the recently announced iSCSI vulnerabilities allowing local...

SUSE-SU-2021:0777-1 Security update for s390-tools

This update for s390-tools fixes the following issues: - Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. - CVE-2021-25316: Do not use predictable temporary file names bsc1182777. - Mad...