1197 Vulnerability detection of E2.bin file

  • Updated on Feb 6, 2026
  • 1 minute(s) read
  • VN
 Prev Next

Vulnerability detection of E2.bin file

These preboot (e1.bin, e2.bin, e3.bin) files are critical for operating at the preboot level only.
The files contain drivers needed to load at preboot such as network cards, token, finger print readers,touch screen, smart cards and etc.
From SecureDoc standpoint, these files are not being utilized during the time the device is in Windows OS.
However, the e2.bin file is based on an old Linux Kernel version of 3.10.5 and is current in the latest SD 6.5 version. The PBL uses the old linux kernex that contains the glibc bibrary in the root file system. As such it has been identified to contain the vulnerability.

According to the provided vulnerability list (http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/version_id-150743/Linux-Linux-Kernel-3.10.5.html), there are some remote exposures but none of them can grant local access. Therefore, our developer does not see any threats here because none of them can be used to attack/infect a system. Furthermore, the PBL does not allow to run any external software, and so none of Local Vulnerabilities can be exploited.
Certainly newer Linux Kernel has much less known vulnerabilities.
The results of virus scanning of our bzImage (aka E2.BIN) file indicate that there are zero complains from all of 54 different Anti-Virus Software.
https://www.virustotal.com/en/file/03fa74e73532c17bfdd23bebf3bb60851f8667b84ec50fcfee9e551eb90d68cc/analysis/1423238065/

It is possible that the vulnerability(s) can be exposed if PBL has PBConnex enabled because the PBL will initialized the Network card thus could potentially open ports.
It is also possible that PBL will always initializes the network regardless PBConnex settings. QA team will need to test and identify this issue.

1.This vulnerability can be used remotely on Linux host, but it requires that Linux host runs “network daemons” like e-mail server, web-server etc. Our PBL does not include such software and even does not open network ports. It is doubtful that this vulnerability can be exploited on PBL system.
2.There is a ticket for this task: SD-12511 and SD-12318

With this ticket SD-12511, the product management and development team will look into upgrading the library to the latest stable version in future SES.

Custom Fields
Version: SecureDoc 6.5, Affects all versions of SD

Related articles