13 matches found
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
CVE-2024-25076
CVE-2024-25076 affects Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom validates the Flash Product Header by reading from a user-controlled size (Length of Flash Config Section) into a fixed-size buffer, enabling a buffer overflow and execution of arbitrary code. Pub...
PT-2024-20727 · Renesas · Renesas Smartbond
Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
PT-2024-20728 · Renesas · Renesas Smartbond
Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699 Description: An issue was discovered where the Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit MCU from Renesas, Japan. A security vulnerability exists in several Renesas products, which originates from the bootrom function responsible for validating the Flash product header directly usi...
CVE-2024-25076
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value Length of Flash Config Section to control a read from the QSPI device into a fixed siz...
CVE-2024-25077
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Becau...
Various Renesas products Security breaches
The Renesas SmartBond DA14691, among others, is a wireless connectivity multi-core microcontroller unit MCU from Renesas, Japan. A security vulnerability exists in various Renesas products, which stems from the fact that the Nonce used to instantly decrypt a flash image is stored in an unsigned...
CVE-2024-25077
CVE-2024-25077 affects Renesas SmartBond DA14691/DA14695/DA14697/DA14699. The issue: the Nonce used for on-the-fly flash decryption is stored in an unsigned header, allowing modification without invalidating the secure-boot signature. The decryption engine uses AES in CTR mode without authenticat...