7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows
Local Execution of Code.
When checking whether a new image invades/overlaps with a previously loaded
image the code neglects to consider a few cases. that could An attacker to
bypass memory range restriction and overwrite an already loaded image
partly or completely, which could result in code execution and bypass of
secure boot.
Author | Note |
---|---|
eslerm | u-boot is built with arm-trusted-firmware |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%