Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-6285

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months, 1 week ago

Integer Underflow in Memory Range Check in Renesas RCAR

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.

References

https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0… patch
https://asrg.io/security-advisories/cve-2024-6285/ third-party-advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0… patch
https://asrg.io/security-advisories/cve-2024-6285/ third-party-advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0… patch x_transferred
https://asrg.io/security-advisories/cve-2024-6285/ third-party-advisory x_transferred

Affected products

rcar_gen3_v2.5

<b596f580637bae919b0ac3a5471422a1f756db3b

arm-trusted-firmware

<b596f580637bae919b0ac3a5471422a1f756db3b