Scp Firmware
CVE-2024-9413
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (arm) · only source for this CVE.
CVSS VectorVendor: arm
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
AnalysisAI
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-755. The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware. Affected products include: Arm Scp Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Scp Firmware
View allSpecifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may l
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may l
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today