13 matches found
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
PT-2024-20727 · Renesas · Renesas Smartbond
Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
CVE-2024-25077
CVE-2024-25077 affects Renesas SmartBond DA14691/DA14695/DA14697/DA14699. The issue: the Nonce used for on-the-fly flash decryption is stored in an unsigned header, allowing modification without invalidating the secure-boot signature. The decryption engine uses AES in CTR mode without authenticat...
PT-2024-20728 · Renesas · Renesas Smartbond
Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit MCU from Renesas, Japan. A security vulnerability exists in various Renesas products, which stems from the fact that the Nonce used to instantly decrypt a flash image is stored in an unsigned...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit MCU from Renesas, Japan. A security vulnerability exists in several Renesas products, which originates from the bootrom function responsible for validating the Flash product header directly usi...
CVE-2024-25076
CVE-2024-25076 affects Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom validates the Flash Product Header by reading from a user-controlled size (Length of Flash Config Section) into a fixed-size buffer, enabling a buffer overflow and execution of arbitrary code. Pub...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...