SUSE CVE-2022-34303

A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use...

SUSE CVE-2022-34302

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

SUSE CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the doi2cmd function...

The vulnerability of the ASP Bootloader for AMD processors allows a hacker to trigger a system failure.

The vulnerability of the ASP Bootloader for AMD processors arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure remotely...

[SECURITY] [DLA 3312-1] shim security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3312-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 08, 2023 https://wiki.debian.org/LTS -...

Pixel Update Bulletin—February 2023Stay organized with collectionsSave and categorize content based on your preferences.

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices Google devices. For Google devices, security patch levels of 2023-02-05 or later address all issues in this bulletin and all issues in the February 2023 Android...

CLSA-2023-1674815966 grub2: Fix of 2 CVEs

font: Reject glyphs exceeds font-maxglyphwidth or font-maxglyph height - font: Fix size overflow in grubfontgetglyphinternal - CVE-2022-2601: font: Fix several integer overflows in grubfontconstructglyph - CVE-2022-3775: font: Fix an integer underflow in blitcomb...

GSD-2023-1000860 efi: random: combine bootloader provided RNG seed with RNG protocol output

efi: random: combine bootloader provided RNG seed with RNG protocol output This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

CVE-2023-20525

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

CVE-2021-26346

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

Design/Logic Flaw

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

Design/Logic Flaw

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service...

Integer overflow

Failure to validate the integer operand in ASP AMD Secure Processor bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service...

AMD Secure Encrypted Virtualization 缓冲区错误漏洞

AMD Secure Encrypted Virtualization is a software application from UltraMicroelectronics AMD. Hardware-accelerated memory encryption to protect data in use. AMD Secure Encrypted Virtualization SEV suffers from a buffer error vulnerability that stems from insufficient validation of input. An...

AMD Secure Processor(ASP) 输入验证错误漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. AMD Secure Processor ASP suffers from a security vulnerability that stems from inadequate system call input validation in the Bootloader, which could allow a privileged attacker to read memory outside of...

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...

CVE-2023-20527

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service...