CVE-2024-6287 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Renesas	Rcar Gen3	v2.5

Related Weaknesses (CWE)

CWE-682

References

https://asrg.io/security-advisories/cve-2024-6287/Third Party Advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675Patch
https://asrg.io/security-advisories/cve-2024-6287/Third Party Advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/954d488a9798f8fda675Patch

FAQ

What is CVE-2024-6287?

CVE-2024-6287 is a vulnerability with a CVSS score of 7.5 (HIGH). Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglect...

How severe is CVE-2024-6287?

CVE-2024-6287 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-6287?

Check the references section above for vendor advisories and patch information. Affected products include: Renesas Rcar Gen3.