The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.

...

CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...

CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...

DEBIAN-CVE-2022-28734

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...

UBUNTU-CVE-2022-28735

The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...

PT-2023-27441 · Silicon · Gecko Bootloader

Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions affected versions not specified Description: The issue is a Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', which allows Code Injection and Authentication Bypass...

PT-2023-13634

Name of the Vulnerable Software and Affected Versions ZTE versions affected versions not specified Vivo versions affected versions not specified Description The issue concerns the locking of bootloaders by certain brands, with ZTE and Vivo being examples. ZTE has started blocking the vulnerabilit...

PT-2023-9234 · U-Boot · U-Boot

Name of the Vulnerable Software and Affected Versions: u-boot affected versions not specified Description: The issue is related to a bug in u-boot that allows for access to the u-boot shell and interrupt over UART. This is caused by a buffer overflow in memory. An attacker could exploit this to...

CVE-2021-46792

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

CVE-2021-46759

Improper syscall input validation in AMD TEE Trusted Execution Environment may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP AMD Secure Processor bootloader accessible memory to a serial port, resulting in a potential...

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

CVE-2021-46759

Improper syscall input validation in AMD TEE Trusted Execution Environment may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP AMD Secure Processor bootloader accessible memory to a serial port, resulting in a potential...

CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution...

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-46756

Insufficient validation of inputs in SVCMAPUSERSTACK in the ASP AMD Secure Processor bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity...

CVE-2021-46754

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...

CVE-2021-46755

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

Design/Logic Flaw

Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...

Denial of service

Failure to unmap certain SysHub mappings in error paths of the ASP AMD Secure Processor bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service...

Input validation

Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...