86 matches found
DEBIAN-CVE-2022-28737
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
SUSE CVE-2022-40540
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel...
CVE-2022-40540
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel...
CVE-2022-40540
CVE-2022-40540 targets the Linux kernel, specifically a memory corruption flaw in the Qualcomm mdt loader. The issue arises from a buffer copy during firmware loading in qcom_mdt_read_metadata within drivers/soc/qcom/mdt_loader.c, where input size is not properly validated. The Red Hat security e...
CVE-2022-40540 Buffer copy without checking the size of input in Linux Kernel
Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel...
PT-2022-6528 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to a buffer copy without checking the size of input, which can lead to memory corruption. This can occur while loading firmware in the Linux Kernel. The exploitati...
GSD-2022-1007395 crypto: cavium - prevent integer overflow loading firmware
crypto: cavium - prevent integer overflow loading firmware This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.220 by commit...
PT-2022-35838 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue concerns an integer overflow when loading firmware, specifically affecting the crypto component related to Cavium. This problem was introduced in version v4.11 and is resolved in...
CVE-2021-26382
An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor ACP, irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service...
CVE-2022-34763
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon...
CVE-2022-34762
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...
CVE-2022-34762
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...
Path traversal
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...
CVE-2022-34765
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...
CVE-2022-34765
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software, related to security mechanism failures, allows a intruder to cause a service failure.
The vulnerability of HID Mercury programmable logic controllers’ microprogramming software is related to security mechanism errors. Exploiting this vulnerability allows a malicious actor to cause service failure by loading arbitrary firmware files remotely...
kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service
A flaw was found in the Linux kernel’s implementation of Extended Display Identification Data EDID technology. A firmware identifier string is duplicated with the kstrdup function, and the allocation may fail under very low memory conditions. An attacker could abuse this flaw by causing a Denial ...
Samsung Mobile Device Data Forgery Issue Vulnerability
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. Samsung mobile devices are vulnerable to a data forgery issue that can be exploited by attackers to load malicious firmware...
Race condition
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs...
Updated kernel packages fix security vulnerabilities
This kernel update is based on the upstream 4.14.13 and fixes several security issues. The most important fix in this update is for the security issue named "Meltdown" that is fixed in theese kernels by enabling kernel Page Table Isolation KPTI. Note that according to AMD, this issue does not...