OESA-2024-2568

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2568

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-2568.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-2568

Upstream

CVE-2024-6285

CVE-2024-6287

Published

2024-12-20T13:07:37Z

Modified

2025-08-12T05:47:46.728485Z

Summary

arm-trusted-firmware security update

Details

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.

Security Fix(es):

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.(CVE-2024-6285)

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code.

When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.(CVE-2024-6287)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-6.oe2203sp1

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-2.3-6.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-2.3-6.oe2203sp1.aarch64.rpm"
    ]
}