CVE-2024-6287

EPSS 0.19%
Veröffentlicht 24.06.2024 16:15:11
Zuletzt bearbeitet 21.11.2024 09:49:21
Quelle cve@asrg.io
CVE-Watchlists
Login
Unerledigt
Login

Incorrect Address Range Calculations

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.


When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Renesas ≫ Rcar Gen3 Versionv2.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.087

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@asrg.io	7.5	0.8	6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://asrg.io/security-advisories/cve-2024-6287/

Third Party Advisory

https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675c6b57c571b469b298f04

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-6287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6287

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6287