CVE-2024-6285

HIGH

Renesas arm-trusted-firmware - Memory Corruption

Title source: llm

Description

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.

References (2)

[Patch] https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b

View Patch ZIP pw:eip

[Third Party Advisory] https://asrg.io/security-advisories/cve-2024-6285/

Scores

CVSS v3 7.5

EPSS 0.0001

EPSS Percentile 0.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-191

Status published

Products (1)

renesas/rcar_gen3 v2.5

Published Jun 24, 2024

Tracked Since Feb 18, 2026