CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2019-9467

In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

CVE-2019-9467

CVE-2019-9467 affects Google's Android Bootloader (Bootloader/Android kernel component). The issue is a kernel command injection caused by missing command sanitization in the Bootloader, which can enable local privilege escalation to SYSTEM. Exploitation requires local access with high privileges...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

Integer overflow

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

Motorola G4 & G5 mobile phone was traced to the presence of high-risk kernel command line injection vulnerability-vulnerability warning-the black bar safety net

In a previous article about the Nexus6 root vulnerability in the article, we had mentioned Vulnerability CVE-2016-10277 will likely affect the Motorola device. When we on Twitter by some of the relevant reports after the fact to prove our previous conjecture. In order to prove that Motorola devic...

Linux lp.c Out-of-Bounds Write via Kernel Command-line

Vulnerable Versions Linux 4.12-rc1 and below Linux 3.x Linux 2.6.x Linux 2.4.x Linux 2.2.x Mitigation Patch has been committed to the mainline tree, available in the 4.12-rc2 release. 3.18 / 4.4 stable releases with the patch are also avaialble see timeline. Technical Details Due to a missing...

initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection

In the May 2017 Android Security Bulletin, Google released a patch to a critical and unique vulnerability CVE-2016-10277 in the Nexus 6 bootloader we had found and responsibly disclosed. By exploiting the vulnerability, a physical adversary or one with authorized-ADB/fastboot USB access to the...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

PT-2017-3048 · Linux +3 · Linux +3

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is caused by a missing bounds check in the Linux kernel, specifically in the drivers/char/lp.c file. This allows an adversary with partial control over the kernel command line,...

CVE-2016-4484

A password-check vulnerability was found in the way initramfs, generated by dracut, handles the decryption of LUKS-encrypted data partitions. An attacker having physical access to the machine or access to the boot console may be able to brute-force the LUKS password using the dracut shell, and ma...

SUSE SLED12 / SLES12 Security Update : kdump (SUSE-SU-2016:2553-1)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

openSUSE Security Update : kdump (openSUSE-2016-1215)

This update for kdump provides several fixes and enhancements : - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked ...

SUSE-SU-2016:2553-1 Security update for kdump

This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. bsc943214 - Add a separate systemd service to rebuild kdumprd at boot. bsc943214 - Improve network setup in the kdump environment by reading configuration from wicked b...

RedHat Update for grub2 RHSA-2015:2401-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 18 : dracut-024-5.git20121019.fc18 (2012-16448)

fixed ifup exit code - fixed default 'rd.auto' parameter setting - only 'warn' not 'error', if we don't strip the initramfs - do not overwrite ifcfg from anaconda - ssh-client module fixes - strip binaries in the initramfs by default now - fixes for systemd and crypto - new dracut kernel command...