Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvdDc3f6da9-85b5-4a73-84a2-2ec90b40fca5NVD:CVE-2024-30212
HistoryMay 28, 2024 - 4:15 p.m.

CVE-2024-30212

2024-05-2816:15:15
CWE-190
dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
web.nvd.nist.gov
2
usb
scsi
ram exposure
write
pointers
program flash
boot flash

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

If a SCSI READ(10) command is initiated via USB using the largest LBA
(0xFFFFFFFF) with it’s default block size of 512 and a count of 1,

the first 512 byte of the 0x80000000 memory area is returned to the
user. If the block count is increased, the full RAM can be exposed.

The same method works to write to this memory area. If RAM contains
pointers, those can be - depending on the application - overwritten to

return data from any other offset including Progam and Boot Flash.

Related

cvelist 1
cve 1
osv 1
cvelist
cvelist
CVE-2024-30212 Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command
2024-05-28 16:07:52
cve
cve
CVE-2024-30212
2024-05-28 16:15:15
osv
osv
CVE-2024-30212
2024-05-28 16:15:15

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for NVD:CVE-2024-30212
cvelist1cve1osv1