Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Ver…
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.
https://cwe.mitre.org/data/definitions/1274.html →Open in CWE collection →An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
https://capec.mitre.org/data/definitions/456.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/679.html →Open in CAPEC collection →
| Product | Vendor | Status |
|---|---|---|
| bravo_compute_box_firmware | * | Tracked |