bootloader
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3850 | Hig | 0.47 | 7.3 | 0.00 | Aug 5, 2016 | Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug… | ||
| CVE-2014-9798 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2016 | platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka… | ||
| CVE-2025-31716 | Med | 0.33 | 5.1 | 0.00 | Aug 1, 2025 | In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | ||
| CVE-2025-58476 | 0.00 | — | 0.00 | Dec 2, 2025 | Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory. | |||
| CVE-2024-20820 | 0.00 | — | 0.00 | Feb 6, 2024 | Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. | |||
| CVE-2023-42561 | 0.00 | — | 0.00 | Dec 5, 2023 | Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | |||
| CVE-2022-34303 | 0.00 | — | 0.01 | Aug 26, 2022 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader… | |||
| CVE-2022-34302 | 0.00 | — | 0.01 | Aug 26, 2022 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed… | |||
| CVE-2021-27430 | 0.00 | — | 0.00 | Mar 23, 2022 | GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | |||
| CVE-2020-12747 | 0.00 | — | 0.00 | May 11, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). | |||
| CVE-2018-9580 | 0.00 | — | 0.00 | Nov 14, 2018 | A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. |
- risk 0.47cvss 7.3epss 0.00
Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug…
- risk 0.36cvss 5.5epss 0.00
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka…
- risk 0.33cvss 5.1epss 0.00
In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
- CVE-2025-58476Dec 2, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
- CVE-2024-20820Feb 6, 2024risk 0.00cvss —epss 0.00
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.
- CVE-2023-42561Dec 5, 2023risk 0.00cvss —epss 0.00
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
- CVE-2022-34303Aug 26, 2022risk 0.00cvss —epss 0.01
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader…
- CVE-2022-34302Aug 26, 2022risk 0.00cvss —epss 0.01
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed…
- CVE-2021-27430Mar 23, 2022risk 0.00cvss —epss 0.00
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.
- CVE-2020-12747May 11, 2020risk 0.00cvss —epss 0.00
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).
- CVE-2018-9580Nov 14, 2018risk 0.00cvss —epss 0.00
A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.