Little Kernel Project » Little Kernel Bootloader : Security Vulnerabilities, CVEs,
Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05
Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attackers to execute arbitrary code.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
Max CVSS
7.2
EPSS Score
0.09%
Published
2014-08-25
Updated
2014-08-28
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
Max CVSS
1.9
EPSS Score
0.08%
Published
2014-08-25
Updated
2016-07-13
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
Max CVSS
7.2
EPSS Score
0.08%
Published
2014-08-25
Updated
2016-07-13
5 vulnerabilities found