Damiano Melotti

**Name of the Vulnerable Software and Affected Versions** Little Kernel in bootloader versions prior to SMR Mar-2024 Release 1 **Description** The issue is a stack overflow in the Little Kernel in the bootloader, which allows local privileged attackers to execute arbitrary code. This can be exploited by privileged attackers. **Recommendations** For versions prior to SMR Mar-2024 Release 1, update to SMR Mar-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the bootloader to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libsthmbc.so versions prior to SMR Feb-2024 Release 1 **Description** The issue is related to Out-of-bounds Write vulnerabilities in the `svc1td vld plh ap` function of `libsthmbc.so`. This allows local attackers to trigger a buffer overflow. **Recommendations** For versions prior to SMR Feb-2024 Release 1, update to the SMR Feb-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `svc1td vld plh ap` function until a patch is available.