CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

The vulnerability of the EFI loader in microprogrammed software for SIMATIC IPC devices, SIMATIC PC tablets, and SIMATIC Field PG notebooks allows a perpetrator to influence the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the EFI loader in microprogrammed software for SIMATIC IPC devices, SIMATIC PC tablets, and SIMATIC Field PG notebooks is related to the breach of data protection mechanisms. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and...

AZL-40910 CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...