11 matches found
EUVD-2021-22977
Malware in sbrugna...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
Security Bulletin: This Power System update is being released to address CVE-2018-8931
Summary POWER8/POWER9: In response to a security bypass vulnerability, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-8931. Vulnerability Details CVEID: CVE-2018-8931 DESCRIPTION: The AMD Ryzen, Ryzen Pro, and Ryzen Mobil...
Security Bulletin: This Power System update is being released to address CVE 2018-1992
Summary POWER9: In response to a buffer overflow vulnerability on the boot loader, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2018-1992. Vulnerability Details CVEID: CVE-2018-1992 DESCRIPTION: The IBM POWER9 boot firmware'...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
Design/Logic Flaw
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
CVE-2021-36357
The CVE-2021-36357 issue affects OpenPOWER 2.6 firmware. unpack_timestamp() uses le32_to_cpu() to endian-convert the uint16_t year, causing a type mismatch that can truncate the year value and bypass the timestamp check. The documented remediation is to apply the correct endian conversion functio...
CVE-2021-36357
An issue was discovered in OpenPOWER 2.6 firmware. unpacktimestamp calls le32tocpu for endian conversion of a uint16t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion...
OpenPOWER 安全漏洞
OpenPOWER is the firmware for the OpenPower system. A security vulnerability exists in OpenPOWER that originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in incorrect read and write operations being performed to...