Incorrect Calculation Vulnerability in Renesas arm-trusted-firmware Allows Local Execution of Code
CVE-2024-6287

7.5 HIGH

Key Information:

Vendor: Renesas
CVE Published: 24 June 2024

What is CVE-2024-6287?

An incorrect calculation vulnerability in Renesas Arm-Trusted-Firmware poses a significant security risk by allowing local execution of code. This vulnerability arises from the firmware's failure to accurately assess whether a new image overlaps with a previously loaded image. An attacker can exploit this flaw to bypass memory range restrictions, enabling them to partially or completely overwrite an already loaded image. The consequences include unauthorized code execution and a potential bypass of secure boot mechanisms, which are critical for maintaining the integrity of secure environments.
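
The check the description says was miscalculated can be written so that it cannot wrap or miss a partial overlap. The following is an added example, not code from the Renesas or Arm Trusted Firmware sources; the struct, the function names, the return codes and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Hypothetical type and function names for illustration (not Renesas code). */
struct mem_range { uint64_t base, size; };   /* covers [base, base + size) */

/* Non-empty, and base + size - 1 does not wrap past the top of the address space. */
static bool range_valid(const struct mem_range *r)
{
    return r->size != 0 && r->size - 1 <= UINT64_MAX - r->base;
}

/* a lies entirely inside b; ordered so the subtractions cannot underflow. */
static bool range_within(const struct mem_range *a, const struct mem_range *b)
{
    return a->size <= b->size && a->base >= b->base &&
           a->base - b->base <= b->size - a->size;
}

/* Inclusive last-byte comparison catches partial, full and containing overlaps. */
static bool ranges_overlap(const struct mem_range *a, const struct mem_range *b)
{
    uint64_t a_last = a->base + (a->size - 1);
    uint64_t b_last = b->base + (b->size - 1);
    return a->base <= b_last && b->base <= a_last;
}

/* 0 = load permitted, -1 = malformed range, -2 = outside window, -3 = overlap. */
int image_load_allowed(const struct mem_range *img, const struct mem_range *window,
                       const struct mem_range *loaded, size_t n_loaded)
{
    if (!range_valid(img) || !range_valid(window))
        return -1;
    if (!range_within(img, window))
        return -2;
    for (size_t i = 0; i < n_loaded; i++)
        if (!range_valid(&loaded[i]) || ranges_overlap(img, &loaded[i]))
            return -3;   /* also fails closed on a corrupt table entry */
    return 0;
}

int main(void)
{
    /* Constructed sample addresses, not values from the advisory. */
    struct mem_range window = { 0x40000000u, 0x10000000u };
    struct mem_range loaded[] = { { 0x44000000u, 0x100000u } };
    struct mem_range img = { 0x440FFFFFu, 0x10u };   /* clips last byte of loaded[0] */
    return image_load_allowed(&img, &window, loaded, 1) == -3 ? 0 : 1;
}
```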

Affected Version(s)

rcar_gen3_v2.5 6a96c18c474e6339fab93f54d52aa7dcc4b70e52 < 954d488a9798f8fda675c6b57c571b469b298f04

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tomer Fichman