CVE-2024-6287

EPSS 0.01%
Veröffentlicht 24.06.2024 16:15:11
Zuletzt bearbeitet 21.11.2024 09:49:21
Quelle cve@asrg.io
CVE-Watchlists
Login
Unerledigt
Login

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.


When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Renesas ≫ Rcar Gen3 Versionv2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@asrg.io	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://asrg.io/security-advisories/cve-2024-6287/

Third Party Advisory

https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-6287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6287

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6287