USB SCSI READ(10) Command Vulnerability: Exposing Full RAM
CVE-2024-30212

7 HIGH

Key Information:

Vendor

Microchip

CVE Published:
28 May 2024

What is CVE-2024-30212?

A vulnerability exists in Microchip's MPLAB Harmony where a SCSI READ(10) command issued over USB can expose sensitive memory areas. By using the maximum logical block address (LBA) with the default block size and count, an attacker can read the initial bytes of memory, and increasing the block count risks exposing the entire RAM. The same technique can also be used to write to selected memory areas. This can lead to unauthorized access to critical data and, by overwriting pointers, compromise the integrity of applications, which may allow retrieval of information from program and boot flash memory.
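The defect class described above is a READ(10) handler that turns the LBA into a buffer address before checking it against the exported capacity. The following is an added illustration in C, not Microchip's or Harmony's code: it assumes a hypothetical 64-block, 512-byte geometry, hypothetical parse_read10/read10_bounds_ok/handle_read10 helpers, and two constructed sample CDBs, and shows the bounds check done in block units before any address arithmetic.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Assumed geometry for this illustration, not Harmony's values. */
#define BLOCK_SIZE 512u
#define NUM_BLOCKS 64u   /* exported capacity: 64 * 512 = 32 KiB */

static uint8_t media[NUM_BLOCKS * BLOCK_SIZE];   /* the only memory a READ(10) may touch */
static uint8_t scratch[4 * BLOCK_SIZE];          /* host-bound transfer buffer */
typedef struct { uint32_t lba; uint16_t count; } read10_t;

/* READ(10) CDB: opcode 0x28, LBA big-endian in bytes 2..5,
 * transfer length in blocks big-endian in bytes 7..8. */
static bool parse_read10(const uint8_t cdb[10], read10_t *out)
{
    if (cdb[0] != 0x28) return false;
    out->lba = ((uint32_t)cdb[2] << 24) | ((uint32_t)cdb[3] << 16) |
               ((uint32_t)cdb[4] << 8)  |  (uint32_t)cdb[5];
    out->count = (uint16_t)(((uint16_t)cdb[7] << 8) | cdb[8]);
    return true;
}

/* Hardened check, done in block units so no byte arithmetic can wrap. The defect
 * described above is computing media + lba * BLOCK_SIZE before checking lba. */
static bool read10_bounds_ok(uint32_t lba, uint16_t count)
{
    if (count == 0) return true;                 /* zero-length transfer */
    if (lba >= NUM_BLOCKS) return false;         /* LBA beyond capacity */
    return count <= NUM_BLOCKS - lba;            /* lba + count stays within capacity */
}

/* Returns bytes copied into 'scratch', or -1 when the request is rejected
 * (a real stack would answer CHECK CONDITION, LBA OUT OF RANGE). */
static long handle_read10(const uint8_t cdb[10])
{
    read10_t r;
    if (!parse_read10(cdb, &r) || !read10_bounds_ok(r.lba, r.count)) return -1;
    size_t bytes = (size_t)r.count * BLOCK_SIZE;
    if (bytes > sizeof scratch) return -1;       /* larger than the transfer buffer */
    memcpy(scratch, media + (size_t)r.lba * BLOCK_SIZE, bytes);
    return (long)bytes;
}

/* Constructed sample CDBs: maximal LBA with one block, and a valid two-block read at LBA 1. */
static const uint8_t CDB_MAX_LBA[10] = { 0x28, 0, 0xFF, 0xFF, 0xFF, 0xFF, 0, 0x00, 0x01, 0 };
static const uint8_t CDB_VALID[10]   = { 0x28, 0, 0x00, 0x00, 0x00, 0x01, 0, 0x00, 0x02, 0 };

int main(void) { return (handle_read10(CDB_MAX_LBA) == -1 && handle_read10(CDB_VALID) == 1024) ? 0 : 1; }
```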

Affected Version(s)

MPLAB® Harmony 3 Core Module, versions 3.0.0 up to but not including 3.13.4

References

CVSS v4

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fehr GmbH