CVE-2022-22965
🚀 Exploit for Spring core RCE in C [ wip ] (by pwnwriter)
CVE-2022-21894
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability (by Wack0)
| CVE-2022-22965 | CVE-2022-21894 | |
|---|---|---|
| 1 | 5 | |
| 2 | 277 | |
| - | - | |
| 10.0 | 2.4 | |
| over 1 year ago | 9 months ago | |
| C | C | |
| MIT License | The Unlicense |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2022-22965
Posts with mentions or reviews of CVE-2022-22965.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-03-03.
-
help needed
Here's what I came over with my tests but it's not working. I think I'm missing sth .
CVE-2022-21894
Posts with mentions or reviews of CVE-2022-21894.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-03-08.
-
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
ESET described what BlackLotus does to exploit baton drop:
-
BlackLotus UEFI bootkit: Myth confirmed
CVE-2022-21894 PoC: Secure Boot Security Feature Bypass Vulnerability https://github.com/Wack0/CVE-2022-21894
-
First in-the-wild UEFI bootkit bypassing UEFI Secure Boot
The write-up I saw suggests that revoking the Windows bootloader would cause existing install and restore images to fail to boot even with Secure Boot disabled because it checks its own signature, which would be pretty amazing if true: https://github.com/Wack0/CVE-2022-21894
- Baton Drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
What are some alternatives?
When comparing CVE-2022-22965 and CVE-2022-21894 you can also consider the following projects:
log4jscanwin - Log4j Vulnerability Scanner for Windows
Ventoy - A new bootable USB solution.
Spring4Shell-POC - Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965
CVE-2020-0796 - CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
bootkit-samples - Bootkit sample for firmware attack
AreWeAntiCheatYet - A comprehensive and crowd-sourced list of games using anti-cheats and their compatibility with GNU/Linux or Wine.