CVE-2024-1633

{"id": "CVE-2024-1633", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@asrg.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.0, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 0.5}]}, "published": "2024-02-19T17:15:08.347", "references": [{"url": "https://asrg.io/security-advisories/CVE-2024-1633/", "tags": ["Third Party Advisory"], "source": "cve@asrg.io"}, {"url": "https://asrg.io/security-advisories/CVE-2024-1633/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@asrg.io", "description": [{"lang": "en", "value": "CWE-190"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"}, {"lang": "es", "value": "Durante el arranque seguro, bl2 (la segunda etapa del gestor de arranque) recorre las im\u00e1genes definidas en la tabla \"bl2_mem_params_descs\". Para cada imagen, el bl2 lee la longitud y el destino de la imagen en el certificado de la imagen. Debido a la forma de leer la imagen, que se basa en un valor entero sin signo de 32 bits, puede provocar un desbordamiento de enteros. Un atacante puede eludir la restricci\u00f3n del rango de memoria y escribir datos fuera de los l\u00edmites del b\u00fafer, lo que podr\u00eda provocar la omisi\u00f3n del inicio seguro. Versi\u00f3n de git afectada desde c2f286820471ed276c57e603762bd831873e5a17 hasta (no"}], "lastModified": "2025-01-24T15:21:06.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:renesas:arm-trusted-firmware:rcar_gen3_2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34F3FE3-C1EE-4C6B-8323-D82590784CA5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:renesas:r-car_d3e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7B20C33B-DBE7-41B5-8934-A457D0406247"}, {"criteria": "cpe:2.3:h:renesas:r-car_e3e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6BB57A69-E624-4CE6-B3BE-3095DD52DF21"}, {"criteria": "cpe:2.3:h:renesas:r-car_h3e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "16309BD2-C8EE-49BE-9C0E-6785AD5B5AE8"}, {"criteria": "cpe:2.3:h:renesas:r-car_h3ne:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5AA982FE-883B-488E-8C33-956FFEE78124"}, {"criteria": "cpe:2.3:h:renesas:r-car_m3e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5C59110-27F5-4D0D-83D1-293A154CEC54"}, {"criteria": "cpe:2.3:h:renesas:r-car_m3ne:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B33C8369-B9E4-47E2-AA28-64E320B88E3E"}, {"criteria": "cpe:2.3:h:renesas:r-car_v3h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4E89977-FF22-49AD-A250-A5259BCF2899"}, {"criteria": "cpe:2.3:h:renesas:r-car_v3h2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D4041BE-312D-4BEE-85A6-09B8BD71627D"}, {"criteria": "cpe:2.3:h:renesas:r-car_v3m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5EBC200B-D7C2-4075-92EC-A508A11F1379"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@asrg.io"}