NVIDIA Jetson Linux 操作系统命令注入漏洞

NVIDIA Jetson Linux is an edge AI and robotics development platform provided by NVIDIA Corporation. NVIDIA Jetson Linux has a vulnerability related to operating system command injection, which stems from the injection of command-line parameters in initrd. This vulnerability may lead to code...

GRUB2 contained integer overflows when handling the initrd command leading to a heap-based buffer overflow.

...

USN-4432-1 grub2, grub2-signed vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

CVE-2020-15707 GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.

Integer overflows were discovered in the functions grubcmdinitrd and grubinitrdinit in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu the functionality is not included in GRUB2 upstream, leading to a heap-based buffer overflow. These could be triggered by an extremely...