CVE-2024-6564

Summary

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.

Affected Software

VendorProductVersion RangeStatus
Renesasrcar_gen3_v2.5c2f286820471ed276c57e603762bd831873e5a17 <= c9fb3558410032d2660c7f3b7d4b87dec09fe2f2affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References