Skip to main content

CVE-2024-30212

HIGH
Integer Overflow or Wraparound (CWE-190)
2024-05-28 dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
7.0
CVSS 4.0 · Vendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5
Share

Severity by source

Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) PRIMARY
7.0 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (dc3f6da9-85b5-4a73-84a2-2ec90b40fca5) · only source for this CVE.

CVSS VectorVendor: dc3f6da9-85b5-4a73-84a2-2ec90b40fca5

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
CVE Published
May 28, 2024 - 16:15 cve.org
HIGH 7.0

DescriptionCVE.org

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1,

the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed.

The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to

return data from any other offset including Progam and Boot Flash.

AnalysisAI

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

Share

CVE-2024-30212 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy