CVE-2024-1633 LOW

CVE-2024-1633: FIP Header Integer Overflow

Vendor Renesas
Product rcar_gen3_v2.5
Weakness CWE-190
Published February 19, 2024
Last update August 1, 2024

CVSS base score

2.0/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not 

Key dates

02Disclosure timeline

February 19, 2024 CVE published
August 1, 2024 Record updated