CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device...