Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6564.json"
[
{
"deprecated": false,
"source": "https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2",
"target": {
"file": "drivers/renesas/common/io/io_rcar.c",
"function": "rcar_dev_init"
},
"id": "CVE-2024-6564-43e2b2d6",
"digest": {
"length": 2070.0,
"function_hash": "251979617729504894310367224547136768301"
},
"signature_type": "Function",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2",
"target": {
"file": "drivers/renesas/common/io/io_rcar.c"
},
"id": "CVE-2024-6564-6569c08e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173392780450128851739472586598126205630",
"254042079109293560459377645396901342518",
"239719165754981003447507498081001357229",
"261546804298522373556310689546044572591",
"77969450528592171423374278622629591437",
"51956281109036530976743951812392344755",
"283819709148832100756073306814601515225",
"327809843940564965508235143589308704713",
"327518121974734787093372889406282658808",
"187382626243277052119487171234477559313",
"110361182707463918469742935128565763943",
"298600044211463577362010430094477024450"
]
},
"signature_type": "Line",
"signature_version": "v1"
}
]