Lucene search
HistoryJun 24, 2024 - 4:15 p.m.
CVE-2024-6285
cve-2024-6285
vulnerability
renesas
firmware
image range
bypass
address restrictions
integer underflow
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.
An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.
Affected configurations
Node
renesasrcar_gen3Matchv2.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| renesas:rcar_gen3 | renesas rcar gen3 | eq | v2.5 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "arm-trusted-firmware",
"product": "rcar_gen3_v2.5",
"programFiles": [
"https://github.com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.c"
],
"repo": "https://github.com/renesas-rcar/arm-trusted-firmware",
"vendor": "Renesas",
"versions": [
{
"changes": [
{
"at": "b596f580637bae919b0ac3a5471422a1f756db3b",
"status": "unaffected"
}
],
"lessThan": "b596f580637bae919b0ac3a5471422a1f756db3b",
"status": "affected",
"version": "c2f286820471ed276c57e603762bd831873e5a17",
"versionType": "git"
}
]
}
]Related
cvelist
cvelist
CVE-2024-6285 Integer Underflow in Memory Range Check in Renesas RCAR
2024-06-24 15:32:13
osv
osv
CVE-2024-6285
2024-06-24 16:15:10
vulnrichment
vulnrichment
CVE-2024-6285 Integer Underflow in Memory Range Check in Renesas RCAR
2024-06-24 15:32:13
nvd
nvd
CVE-2024-6285
2024-06-24 16:15:10
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2024-6285