VYPR

bootloader

by Samsung Mobile

CVEs (11)

  • CVE-2016-3850HigAug 5, 2016
    risk 0.47cvss 7.3epss 0.00

    Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug…

  • CVE-2014-9798MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka…

  • CVE-2025-31716MedAug 1, 2025
    risk 0.33cvss 5.1epss 0.00

    In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

  • CVE-2025-58476Dec 2, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

  • CVE-2024-20820Feb 6, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.

  • CVE-2023-42561Dec 5, 2023
    risk 0.00cvss epss 0.00

    Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

  • CVE-2022-34303Aug 26, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader…

  • CVE-2022-34302Aug 26, 2022
    risk 0.00cvss epss 0.01

    A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed…

  • CVE-2021-27430Mar 23, 2022
    risk 0.00cvss epss 0.00

    GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

  • CVE-2020-12747May 11, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).

  • CVE-2018-9580Nov 14, 2018
    risk 0.00cvss epss 0.00

    A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.