11 matches found
EUVD-2021-22977
Malware in sbrugna...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
Security Bulletin: This Power System update is being released to address CVE 2018-1992
Summary POWER9: In response to a buffer overflow vulnerability on the boot loader, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2018-1992. Vulnerability Details CVEID: CVE-2018-1992 DESCRIPTION: The IBM POWER9 boot firmware'...
Security Bulletin: This Power System update is being released to address CVE-2018-8931
Summary POWER8/POWER9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. Vulnerability Details CVEID: CVE-2018-8931 DESCRIPTION: The AMD Ryzen, Ryzen Pro, and Ryzen Mobil...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
Design/Logic Flaw
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
The CVE-2021-36357 issue affects OpenPOWER 2.6 firmware. unpack_timestamp() uses le32_to_cpu() to endian-convert the uint16_t year, causing a type mismatch that can truncate the year value and bypass the timestamp check. The documented remediation is to apply the correct endian conversion functio...
OpenPOWER 安全漏洞
OpenPOWER is the firmware for the OpenPower system. A security vulnerability exists in OpenPOWER that originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in incorrect read and write operations being performed to...