CVE-2024-4760

Summary

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

Affected Software

VendorProductVersion RangeStatus
MicrochipSAME700affected
MicrochipSAMS700affected
MicrochipSAMV700affected
MicrochipSAMV710affected
MicrochipSAMG550affected
MicrochipSAM4C0affected
MicrochipSAM4S0affected
MicrochipSAM4N0affected
MicrochipSAM4E0affected
MicrochipSAM3S0affected
MicrochipSAM3N0affected
MicrochipSAM3U0affected

Weaknesses

  • CWE-1247: CWE-1247: Improper Protection Against Voltage and Clock Glitches

Workarounds

Please contact Microchip to obtain the appropriate patch for your devices, which are available as binary code updates.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References