782 matches found
Intel® Thunderbolt™ Controller Advisory
Summary: A potential security vulnerability in some Intel® Thunderbolt™ controllers may allow information disclosure. Intel is releasing prescriptive guidance to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-14630 Description: Reliance on untrusted inputs in a...
Fedora 31 : fwupd (2020-ad1c74c2a1)
New upstream release - Actually reload the DFU device after upgrade has completed - Capture the dock SKU in report metadata - Correctly set the Logitech device protocol - Do not use shim for non-secure boot configurations - Ensure that the DeviceID is set for child devices - Fix an error when...
The vulnerability of Thunderbolt devices’ microcontrollers lies in the ability to load metadata from an unauthenticated device. This allows a hacker to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt devices’ microcontrollers relates to the ability to load metadata from an unauthenticated device. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...
The vulnerability of Thunderbolt devices’ microcontrollers, related to errors in the implementation of backward compatibility mechanisms, allows attackers to gain direct access to the memory of computing devices to which Thunderbolt-enabled devices are connected.
The vulnerability of Thunderbolt device microcontrollers is related to errors in the implementation of backward compatibility mechanisms. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of computing devices, to which Thunderbolt-enabled devices are connecte...
The vulnerability of Thunderbolt device microcontrollers, related to the lack of protection at the “Work Camp” level, allows a intruder to gain direct access to the memory of computing devices to which Thunderbolt-enabled devices are connected.
The vulnerability of Thunderbolt device microcontrollers is related to the lack of protection at the “Work Camp” level. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of computing devices, to which Thunderbolt devices are connected...
The vulnerability of Thunderbolt devices’ microcontrollers stems from the use of inadequate firmware verification schemes. This allows attackers to gain direct access to the memory of computing devices, which are connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt device microcontrollers is related to the use of inadequate firmware verification schemes. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of the computing device, to which Thunderbolt devices are connected...
The vulnerability of Thunderbolt devices’ microcontrollers stems from the ability to use configuration parameters of an unauthenticated controller. This allows a malicious actor to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt device microcontrollers lies in the ability to use configuration parameters for an unauthenticated controller. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...
The vulnerability of Thunderbolt devices’ microcontrollers, related to errors in the implementation of the SPI Flash interface, allows attackers to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt device microcontrollers is related to errors in the implementation of the SPI Flash interface. Exploiting this vulnerability can allow an attacker to gain direct access to the memory of computing devices, to which Thunderbolt-enabled devices are connected...
The vulnerability of Thunderbolt devices’ microcontrollers stems from the use of a weak authentication scheme for the device. This allows attackers to gain direct access to the memory of the computing device, which is connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt device microcontrollers is related to the use of a weak authentication mechanism for devices. Exploiting this vulnerability can allow attackers to gain direct access to the memory of computing devices, to which Thunderbolt devices are connected...
Intel Thunderbolt Vulnerabilities - Lenovo Support US
Lenovo Security Advisory: LEN-31390 Potential Impact: Information disclosure, privilege escalation Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-14630 Summary Description: Intel reported potential security vulnerabilities, requiring physical access and dedicated equipment...
Intel Thunderbolt Vulnerabilities - Lenovo Support US
No description provided...
ThunderSpy
A combination of vulnerabilities for the Thunderbolt protocol have been announced that allow a malicious actor to access most machines with a Thunderbolt port and bypass security restrictions on the device. Recent assessments: agalauner-r7 at May 11, 2020 4:37pm UTC reported: The risks of DMA...
A week in security (May 11 – May 17)
Last week on Malwarebytes Labs, we explained why RevenueWire has to pay $6.7 million to settle FTC charges, how CVSS works: characterizing and scoring vulnerabilities, and we talked about how and why hackers hit a major law firm with Sodinokibi ransomware. We also launched another episode of our...
7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years
A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed 'ThunderSpy,' the vulnerabilities can be exploited in 9 realisti...
Millions of Thunderbolt-Equipped Devices Open to 'ThunderSpy' Attack
A new attack enables bad actors to steal data from Windows or Linux devices equipped with Thunderbolt ports – if they can get their hands on the device for just five minutes. The attack, called “Thunderspy,” specifically targets Thunderbolt technology, which is a hardware interface developed by...
DLL Hijacking Vulnerability in Xunlei X
Thunderbolt X is an Internet download tool software. Xunlei X has a DLL hijacking vulnerability that can be exploited by an attacker to load a malicious DLL and execute arbitrary code...
Code Execution Vulnerability in Thunderbolt X Installer
Thunderbolt X is an Internet download tool software. A code execution vulnerability exists in the Xunlei X installer. An attacker can exploit the vulnerability to execute arbitrary code...
Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
Vulnerabilities in Dell and HP laptops could allow an attacker to access information and gain kernel privileges via the devices’ Direct Memory Access DMA capability. DMA is a processing-efficiency approach for peripherals such as PCI cards or network interface cards that, as the name suggests,...
HPSBHF03647 rev. 2 - HP Open-Chassis Pre-boot Direct Memory Access (DMA) Vulnerability
Potential Security Impact Arbitrary Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT. Reported by: Mickey Shkatov from Eclypsium, and Zoltan Harmath from Microsoft. VULNERABILITY SUMMARY A potential security vulnerability with pre-boot...
CVE-2019-18579
Settings for the Dell XPS 13 2-in-1 7390 BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt and PCIe behind TBT pre-boot modules" setting is enabled by default. A local unauthenticated attacker with physical access to a user's...