Linux: GRUB bootloader password

GRUB is the bootloader mainly used on Linux systems. If protected with a password, users can not enter or change boot parameters without a password. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Heap overflow

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader...

CVE-2018-9580

CVE-2018-9580 is an Elevation of Privilege in the HTC bootloader affecting Android kernel components. The issue is categorized as EoP with high risk (CVSS v3.0 base score 9.8) and high impact on confidentiality, integrity, and availability; exploitation details or vectors are not disclosed in the...

DigiDuck Framework - Framework For Digiduck Development Boards Running ATTiny85 Processors And Micronucleus Bootloader

Framework for Digiduck Development Boards running ATTiny85 processors and micronucleus bootloader! Roadmap: Plan to implement a command for Duckyspark translation within the framework. Requirements: - ATTiny85 or other compatible "Digispark" Development Boards - DigiSpark Drivers If you can use...

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.153/: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thank...

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

CVE-2017-3226

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption i.e., setting the configuration parameter CONFIGENVAES=y read environment variables from disk as the encrypte...

CVE-2017-3225

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt...

CVE-2017-3226

CVE-2017-3226 concerns Das U-Boot’s AES-CBC environment encryption (CONFIG_ENV_AES=y). A crafted two‑byte sequence in the encrypted environment data can trigger an error during environment variable parsing, which is improperly handled and leads to an immediate process termination with a debugging...

Bootloader vulnerability in OnePlus 6 lets an attacker take control of the device

By Waqas An IT security researcher has discovered a critical vulnerability in OnePlus This is a post from HackRead.com Read the original post: Bootloader vulnerability in OnePlus 6 lets an attacker take control of the device...

OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A...

Google Android MediaTek component elevation of privilege vulnerability (CNVD-2018-13165)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android MediaTek component bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

Google Android MediaTek component elevation of privilege vulnerability (CNVD-2018-13160)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android MediaTek component bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

Google Android Qualcomm component elevation of privilege vulnerability (CNVD-2018-12656)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android Qualcomm component Bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

Google Android Qualcomm component elevation of privilege vulnerability (CNVD-2018-12659)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android Qualcomm component Bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

CVE-2015-9215

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, and SD 810, improper input validation can cause a null pointer dereference in USB bootloader findep function...

CVE-2015-9215

CVE-2015-9215 describes a null pointer dereference in the USB bootloader find_ep() on Qualcomm Snapdragon Mobile SKUs (e.g., MDM9615, MDM9625, MDM9635M, SD 810) due to improper input validation. Affected platforms include Android builds prior to the 2018-04-05 patch level. The issue is rated CRIT...

CVE-2017-13247

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

Design/Logic Flaw

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...

CVE-2017-13247

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...