Skip to main content

Arm Trusted Firmware

4 CVEs product

Monthly

CVE-2024-6564 MEDIUM PATCH This Month

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-6563 MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-1633 LOW Monitor

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Arm Trusted Firmware
NVD
CVSS 3.1
2.0
EPSS
0.1%
CVE-2016-10319 MEDIUM PATCH This Month

In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow Buffer Overflow Arm Trusted Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.4%
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Arm Trusted Firmware
NVD GitHub
EPSS 0% CVSS 2.0
LOW Monitor

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Arm Trusted Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Integer Overflow Buffer Overflow Arm Trusted Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy