Security Notifications

Security researchers at ESET discovered BootKitty which is the first known UEFI bootkit that targets Linux.

CVE-2024-36877
Certain Micro-Star International (MSI) motherboards have a buffer overflow vulnerability which allows an attacker to execute arbitrary code.

CVE-2024-8105
The Binarly Research Team recently published a report about the firmware vulnerability PKfail. Because of this vulnerability, certain devices shipped with insecure Platform Keys (PK). These keys are used in a test/development environment and were not intended to be shipped with a production-ready device.

CVE-2024-3094 | CISA Alert | Ubuntu Alert
On March 28th, 2024, it was discovered that a sophisticated social engineering attack introduced a backdoor in the XZ Utils library, which provides data compression and decompression services and is included in many Linux distributions.

Reference Article
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers.

CVE-2023-5058
A new firmware vulnerability called “LogoFAIL” has been disclosed. The flaw exists in the processing of user-supplied splash screen during system boot, which can be exploited by an attacker.