CVE-2024-1633 - Vulnerability Details

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Renesas	Arm-trusted-firmware R-car D3e R-car E3e R-car H3e R-car H3ne R-car M3e R-car M3ne R-car V3h R-car V3h2 R-car V3m

Configuration 1 [-]

AND

cpe:2.3:o:renesas:arm-trusted-firmware:rcar_gen3_2.5:*:*:*:*:*:*:*

OR	cpe:2.3:h:renesas:r-car_d3e:-:::::::*
	cpe:2.3:h:renesas:r-car_e3e:-:::::::*
	cpe:2.3:h:renesas:r-car_h3e:-:::::::*
	cpe:2.3:h:renesas:r-car_h3ne:-:::::::*
	cpe:2.3:h:renesas:r-car_m3e:-:::::::*
	cpe:2.3:h:renesas:r-car_m3ne:-:::::::*
	cpe:2.3:h:renesas:r-car_v3h:-:::::::*
	cpe:2.3:h:renesas:r-car_v3h2:-:::::::*
	cpe:2.3:h:renesas:r-car_v3m:-:::::::*

No data.

References

Link	Providers
https://asrg.io/security-advisories/CVE-2024-1633/

History

Fri, 24 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Renesas Renesas arm-trusted-firmware Renesas r-car D3e Renesas r-car E3e Renesas r-car H3e Renesas r-car H3ne Renesas r-car M3e Renesas r-car M3ne Renesas r-car V3h Renesas r-car V3h2 Renesas r-car V3m
CPEs		cpe:2.3:h:renesas:r-car_d3e:-:::::::* cpe:2.3:h:renesas:r-car_e3e:-:::::::* cpe:2.3:h:renesas:r-car_h3e:-:::::::* cpe:2.3:h:renesas:r-car_h3ne:-:::::::* cpe:2.3:h:renesas:r-car_m3e:-:::::::* cpe:2.3:h:renesas:r-car_m3ne:-:::::::* cpe:2.3:h:renesas:r-car_v3h2:-:::::::* cpe:2.3:h:renesas:r-car_v3h:-:::::::* cpe:2.3:h:renesas:r-car_v3m:-:::::::* cpe:2.3:o:renesas:arm-trusted-firmware:rcar_gen3_2.5:::::::*
Vendors & Products		Renesas Renesas arm-trusted-firmware Renesas r-car D3e Renesas r-car E3e Renesas r-car H3e Renesas r-car H3ne Renesas r-car M3e Renesas r-car M3ne Renesas r-car V3h Renesas r-car V3h2 Renesas r-car V3m

MITRE

Status: PUBLISHED

Assigner: ASRG

Published: 2024-02-19T16:42:29.949Z

Updated: 2024-08-01T18:48:20.650Z

Reserved: 2024-02-19T16:36:31.290Z

Link: CVE-2024-1633

Vulnrichment

Updated: 2024-08-01T18:48:20.650Z

NVD

Status : Analyzed

Published: 2024-02-19T17:15:08.347

Modified: 2025-01-24T15:21:06.727

Link: CVE-2024-1633

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object