CVE-2024-30212 HIGH

CVE-2024-30212: Microchip Harmony 3 Core library allows read and write access to RAM via a SCSI READ or WRITE command

Vendor: Microchip
Product: MPLAB® Harmony 3 Core Module
Weakness: CWE-190
Published: May 28, 2024
Last update: February 13, 2025

CVSS base score

7.0/10
Attack vector: Physical
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can, depending on the application, be overwritten to return data from any other offset, including Program and Boot Flash.
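The weakness class this record cites, CWE-190, is an integer overflow in the arithmetic that bounds a block request. The following is an added illustration of that pattern in a generic USB mass-storage block handler; it is hypothetical code written for this page, not the Harmony 3 Core library's code, and the disk geometry (`BLOCK_SIZE`, `TOTAL_BLOCKS`) and function names are constructed. It places an overflow-prone range check beside a hardened one and shows why a request with LBA 0xFFFFFFFF and a count of 1 passes the first and is rejected by the second.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical RAM-disk geometry for the example (constructed values,
 * not taken from the Harmony 3 Core library). */
#define BLOCK_SIZE    512u
#define TOTAL_BLOCKS  4096u   /* 2 MiB of backing storage */

/* Overflow-prone range check of the kind CWE-190 describes. With
 * lba = 0xFFFFFFFF and count = 1 the 32-bit sum wraps to 0, which looks
 * "within" the media, so the request is wrongly accepted and the byte
 * offset later derived from the LBA points outside the disk buffer. */
bool lba_range_ok_overflowing(uint32_t lba, uint32_t count, uint32_t total_blocks)
{
    uint32_t end = lba + count;          /* wraps modulo 2^32 */
    return end <= total_blocks;
}

/* Hardened check: validate the start block first, then bound the count by
 * the remaining space, so no addition can overflow. A zero-length transfer
 * is rejected here as well; a driver may instead treat count 0 as a no-op
 * (that is what SCSI READ(10)/WRITE(10) specify), but it must never use it
 * to bypass the start-block test. */
bool lba_range_ok_safe(uint32_t lba, uint32_t count, uint32_t total_blocks)
{
    if (count == 0)                  return false;
    if (lba >= total_blocks)         return false;
    if (count > total_blocks - lba)  return false;
    return true;
}

/* Convert a validated request to a byte offset and length in 64-bit
 * arithmetic; the 32-bit product lba * BLOCK_SIZE would also wrap for
 * large LBAs. Returns false when the range is rejected. */
bool lba_to_offset(uint32_t lba, uint32_t count, uint32_t total_blocks,
                   uint64_t *offset, uint64_t *length)
{
    if (!lba_range_ok_safe(lba, count, total_blocks)) return false;
    *offset = (uint64_t)lba * BLOCK_SIZE;
    *length = (uint64_t)count * BLOCK_SIZE;
    return true;
}

int main(void)
{
    uint64_t off, len;

    /* The request shape named in the advisory: LBA 0xFFFFFFFF, one block. */
    printf("overflowing check accepts: %d\n",
           lba_range_ok_overflowing(0xFFFFFFFFu, 1, TOTAL_BLOCKS));
    printf("hardened check accepts:    %d\n",
           lba_range_ok_safe(0xFFFFFFFFu, 1, TOTAL_BLOCKS));

    /* A legitimate read of the last block still passes the hardened check. */
    if (lba_to_offset(TOTAL_BLOCKS - 1, 1, TOTAL_BLOCKS, &off, &len))
        printf("last block at offset %llu, %llu bytes\n",
               (unsigned long long)off, (unsigned long long)len);
    return 0;
}
```

The defensive rule the hardened check follows is to compare before adding: `lba < total` and `count <= total - lba` are both overflow-free, whereas `lba + count <= total` is only correct if the sum is known not to wrap. The same applies to the byte offset, which must be computed in a type wide enough for the largest LBA times the block size.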

Key dates

Disclosure timeline

May 28, 2024 CVE published
February 13, 2025 Record updated