Lucene search

ASRGVULNRICHMENT:CVE-2024-6287

HistoryJun 24, 2024 - 3:37 p.m.

CVE-2024-6287 Incorrect Address Range Calculations

2024-06-2415:37:15

CWE-682

ASRG

github.com

cve-2024-6287

renesas arm-trusted-firmware

calculation vulnerability

local execution of code

memory range restriction

secure boot bypass

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.

When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:renesas:rcar_gen3_firmware:v2.5:*:*:*:*:*:*:*"
    ],
    "vendor": "renesas",
    "product": "rcar_gen3_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "v2.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

asrg.io/security-advisories/cve-2024-6287/

github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04

CVSS3

7.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-6287