2.0 LOW
- CVSS version: 3.1
- Attack vector (AV): PHYSICAL
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
FIP Header Integer Overflow
During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not
References
Affected products
- ==v2.5
Matching in nixpkgs
pkgs.armTrustedFirmwareQemu
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable 2.13.0
pkgs.armTrustedFirmwareS905
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable 2.13.0
pkgs.armTrustedFirmwareTools
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable 2.13.0
pkgs.armTrustedFirmwareRK3328
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable rk3328-2.13.0
pkgs.armTrustedFirmwareRK3399
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable rk3399-2.13.0
pkgs.armTrustedFirmwareRK3568
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable rk3568-2.13.0
pkgs.armTrustedFirmwareRK3588
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable rk3588-2.13.0
pkgs.armTrustedFirmwareAllwinner
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable sun50i_a64-2.13.0
pkgs.armTrustedFirmwareAllwinnerH6
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable sun50i_h6-2.13.0
pkgs.armTrustedFirmwareAllwinnerH616
Reference implementation of secure world software for ARMv8-A
-
nixos-unstable -
- nixpkgs-unstable sun50i_h616-2.13.0
Package maintainers
-
@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>