CVE-2020-10850

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 January 2020...

Buffer overflow

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 January 2020...

CVE-2019-20548

CVE-2019-20548 affects Samsung mobile devices with P(9.0) software on Qualcomm chipsets. The root cause is a buffer overflow in the bootloader , enabling potential arbitrary execution on affected devices. The vulnerability has a high to critical impact profile (NVD CVSS v3.1: 9.8, network attack ...

CVE-2020-10850

The CVE-2020-10850 entry describes a buffer overflow in the secure bootloader USB path on Samsung mobile devices with Exynos SoCs (Android O[8.x], P[9.0], Q[10.0]), enabling arbitrary code execution. The issue is tied to the secure bootloader’s handling of USB buffers (root cause: buffer overflow...

Linux: Read GRUB config files (KB)

The GRUB Grand Unified Bootloader is a bootloader available from the GNU project. A bootloader is very important as it is impossible to start an operating system without it. It is the first program which starts when the program is switched on. The bootloader transfers the control to the operating...

homee Brain Cube Access Control Error Vulnerability

Homee Brain Cube is a smart home central control unit from Homee Germany. An access control error vulnerability exists in the bootloader in Homee Brain Cube V2 2.23.0 and earlier versions, which can be exploited by an attacker to gain root privileges by manipulating the U-Boot environment via the...

CVE-2019-16258

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

Hardcoded credentials

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVE-2019-16258

The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...

CVE-2019-16258

The CVE-2019-16258 issue affects the homee Brain Cube V2 bootloader up to version 2.23.0. Affected component: bootloader/U-Boot environment accessible via internal UART. Root access can be gained by attackers with physical access who manipulate the U-Boot environment through the CLI after connect...

DEBIAN-CVE-2020-10648

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...

UBUNTU-CVE-2020-10648

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...

Reverse Engineering the Tesla Firmware Update Process

TL;DR How does the Tesla update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that mostly worked after we had finished. Part 1: analysing the hardware, complete with a 14 layer PCB...

grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable

A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...

How to prevent a rootkit attack

If you're ever at the receiving end of a rootkit attack, then you'll understand why they are considered one of the most dangerous cyberthreats today. Rootkits are a type of malware designed to stay undetected on your computer. Cybercriminals use rootkits to remotely access and control your machin...

AZL-41815 CVE-2014-3591 affecting package grub2 for versions less than 2.06-25

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

[SECURITY] Fedora 31 Update: grub2-2.02-103.fc31

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVE-2019-17391

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...

CVE-2019-17391

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...

Google Android OS Command Injection Vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. LG Bootloader is one of the bootloaders. A security vulnerability exists in the LG Bootloader component of Android. An attacker can exploit the vulnerability to elevate privileges...