Description
Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.
References
- https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2 (Patch, Third Party Advisory)
Vulnerable configurations
Configuration 1
cpe:2.3:o:renesas:arm-trusted-firmware:-:*:*:*:*:*:*:*
EPSS: 0.00019 (Low), percentile: 4%
CVSS3: 6.7 Medium
Weaknesses
CWE-120
Related vulnerabilities
CVSS3: 6.7
ubuntu
more than 1 year ago
Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.
CVSS3: 6.7
debian
more than 1 year ago
Buffer overflow in "rcar_dev_init" due to using untruste ...
CVSS3: 6.7
github
more than 1 year ago
Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.