Fedora 38 : fwupd (2023-48c43df788)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-48c43df788 advisory. This release adds the following features: Add a launchd agent for macOS Add a new security attribute for BIOS capsule updates to be enabled Add functionality...

Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Overview Multiple Unified Extensible Firmware Interface UEFI implementations are vulnerable to code execution in System Management Mode SMM by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access DMA timing attacks tha...

CVE-2020-10759

A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service LVFS is either not implemented or enabled in versions ...

CVE-2020-10759

A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service LVFS is either not implemented or enabled in versions ...