CVE-2025-31716

CVE-2025-31716 corresponds to a local out-of-bounds write in the bootloader caused by a missing bounds check, potentially leading to local denial of service. The vulnerability affects UNISOC bootloader implementations as described in multiple sources, with a CVSSv3.1 base score of 5.1 (Local acce...

PT-2025-31609 · Unknown · Bootloader

Name of the Vulnerable Software and Affected Versions: bootloader affected versions not specified Description: A possible out-of-bounds write issue exists due to an incomplete bounds check in the bootloader. This could result in a local denial of service without requiring additional execution...

CVE-2023-28904

A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment, which originates from a RAM buffer overflow in the bootloader component, which could allow a physically accessible attacker to bypass...

The vulnerability of Grub2 operating system loaders, related to writing outside of the boundary, allows a perpetrator to trigger a service failure.

The vulnerability of the operating system bootloader Grub is related to writing beyond the boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the gettext loader component in the Grub2 operating system allows a hacker to execute arbitrary code.

The vulnerability of the gettext loader component in operating system Grub is related to integer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the UFS loader component of the Grub2 operating system, which allows a hacker to trigger a service failure

The vulnerability of the UFS loader component in operating systems like Grub relates to writing beyond the boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...

Pixel Watch Security Bulletin—June 2025Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Watch Security Bulletin contains details of security vulnerabilities affecting Pixel Watch devices Google Devices. For Google devices, security patch levels of 2025-06-05 or later address all issues in this bulletin and all issues in the June 2025 Android Security Bulletin and all issue...

OpenCCA: an Open Framework to Enable Arm CCA Research

Confidential computing has gained traction across major architectures with Intel TDX, AMD SEV-SNP, and Arm CCA. Unlike TDX and SEV-SNP, a key challenge in researching Arm CCA is the absence of hardware support, forcing researchers to develop ad-hoc performance prototypes on non-CCA Arm boards. Th...

CVE-2024-23594

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code...

CVE-2024-23593

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges...

CVE-2024-20832

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-20831

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-20820

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read...

CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images...

CVE-2024-20880

Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory...

CVE-2024-28183

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

CVE-2024-49422

Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability...

CVE-2024-20882

Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access...

CVE-2023-39950

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...