CVE-2024-4760
6.3
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microchip | SAME70 | 0 | affected |
| Microchip | SAMS70 | 0 | affected |
| Microchip | SAMV70 | 0 | affected |
| Microchip | SAMV71 | 0 | affected |
| Microchip | SAMG55 | 0 | affected |
| Microchip | SAM4C | 0 | affected |
| Microchip | SAM4S | 0 | affected |
| Microchip | SAM4N | 0 | affected |
| Microchip | SAM4E | 0 | affected |
| Microchip | SAM3S | 0 | affected |
| Microchip | SAM3N | 0 | affected |
| Microchip | SAM3U | 0 | affected |
Weaknesses
- CWE-1247: CWE-1247: Improper Protection Against Voltage and Clock Glitches
Workarounds
Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code updates.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
- https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/
- https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.