CVE-2024-6287

CVSS V2 None CVSS V3 None

Description

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

Overview

CVE ID
CVE-2024-6287

Assigner
ASRG

Vulnerability Status
PUBLISHED

Published Version
2024-06-24T15:37:15.953Z

Last Modified Date
2024-06-24T15:37:15.953Z

Weakness Enumerations

CWE	URL
CWE-682	http://cwe.mitre.org/data/definitions/682.html

References

Reference URL	Reference Tags
https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04
https://asrg.io/security-advisories/cve-2024-6287/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-6287
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6287

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 17:40:27				Added to TrackCVE