Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-6564

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months, 1 week ago

Buffer overflow in Rensas RCAR

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.

References

https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660…
https://asrg.io/security-advisories/cve-2024-6564/ third-party-advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660…
https://asrg.io/security-advisories/cve-2024-6564/ third-party-advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660…
https://asrg.io/security-advisories/cve-2024-6564/ third-party-advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660… x_transferred
https://asrg.io/security-advisories/cve-2024-6564/ third-party-advisory x_transferred

Affected products

rcar_gen3_v2.5

=<c9fb3558410032d2660c7f3b7d4b87dec09fe2f2

arm-trusted-firmware

=<c9fb3558410032d2660c7f3b7d4b87dec09fe2f2