N/A

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

N/A

密码学签名的验证不恰当

fwupd 数据伪造问题漏洞

fwupd是一款支持Linux平台上的会话软件固件更新的插件。 fwupd中存在数据伪造问题漏洞。该漏洞源于网络系统或产品未充分验证数据的来源或真实性。攻击者可利用伪造的数据进行攻击。

N/A

N/A