Howyar Reloader UEFI bootloader vulnerable to unsigned software execution
Posted: Mon Feb 03, 2025 10:08 am
The Howyar UEFI Application "Reloader" (32-bit and 64-bit), distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure Boot feature and execute unsigned code during the boot process in the UEFI context.
https://www.kb.cert.org/vuls/id/529659
https://www.kb.cert.org/vuls/id/529659