CVE-2024-6285 - OpenCVE

Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Renesas	Rcar Gen3

Configuration 1 [-]

cpe:2.3:a:renesas:rcar_gen3:v2.5:*:*:*:*:*:*:*

References

Link	Resource
https://asrg.io/security-advisories/cve-2024-6285/	Third Party Advisory
https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ASRG

Published: 2024-06-24T15:32:13.776Z

Updated: 2024-06-24T20:18:19.015Z

Reserved: 2024-06-24T15:12:23.397Z

Link: CVE-2024-6285

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-24T16:15:10.763

Modified: 2024-06-26T14:24:38.113

Link: CVE-2024-6285

JSON object: View

Redhat Information

No data.

CWE

CWE-191

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6285", "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "state": "PUBLISHED", "assignerShortName": "ASRG", "dateReserved": "2024-06-24T15:12:23.397Z", "datePublished": "2024-06-24T15:32:13.776Z", "dateUpdated": "2024-06-24T20:18:19.015Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "arm-trusted-firmware", "product": "rcar_gen3_v2.5", "programFiles": ["https://github.com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.c"], "repo": "https://github.com/renesas-rcar/arm-trusted-firmware", "vendor": "Renesas", "versions": [{"changes": [{"at": "b596f580637bae919b0ac3a5471422a1f756db3b", "status": "unaffected"}], "lessThan": "b596f580637bae919b0ac3a5471422a1f756db3b", "status": "affected", "version": "c2f286820471ed276c57e603762bd831873e5a17", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tomer Fichman"}], "datePublic": "2023-04-23T09:46:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.<br>An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.\n\n<br>"}], "value": "Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.\nAn integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses."}], "impacts": [{"capecId": "CAPEC-578", "descriptions": [{"lang": "en", "value": "CAPEC-578 Disable Security Software"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba", "shortName": "ASRG", "dateUpdated": "2024-06-24T15:32:13.776Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b"}, {"tags": ["third-party-advisory"], "url": "https://asrg.io/security-advisories/cve-2024-6285/"}], "source": {"discovery": "UNKNOWN"}, "title": "Integer Underflow in Memory Range Check in Renesas RCAR", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "renesas", "product": "rcar_gen3_v2.5", "cpes": ["cpe:2.3:a:renesas:rcar_gen3_v2.5:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "c2f286820471ed276c57e603762bd831873e5a17", "status": "affected", "lessThan": "b596f580637bae919b0ac3a5471422a1f756db3b", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T20:03:17.195472Z", "id": "CVE-2024-6285", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T20:18:19.015Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:renesas:rcar_gen3:v2.5:*:*:*:*:*:*:*", "matchCriteriaId": "61D55B7B-8BDE-4855-914D-62371B0354CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.\nAn integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses."}, {"lang": "es", "value": "Vulnerabilidad de desbordamiento de enteros (Wrap o Wraparound) en Renesas arm-trusted-firmware. Un desbordamiento insuficiente de enteros en los c\u00e1lculos de verificaci\u00f3n del rango de im\u00e1genes podr\u00eda provocar que se eludan las restricciones de direcciones y se carguen im\u00e1genes en direcciones no permitidas."}], "id": "CVE-2024-6285", "lastModified": "2024-06-26T14:24:38.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "cve@asrg.io", "type": "Secondary"}]}, "published": "2024-06-24T16:15:10.763", "references": [{"source": "cve@asrg.io", "tags": ["Third Party Advisory"], "url": "https://asrg.io/security-advisories/cve-2024-6285/"}, {"source": "cve@asrg.io", "tags": ["Patch"], "url": "https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b"}], "sourceIdentifier": "cve@asrg.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-191"}], "source": "cve@asrg.io", "type": "Secondary"}]}