CVE-2024-4760 MEDIUM

CVE-2024-4760: Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

Vendor Microchip
Product SAME70
Weakness CWE-1247
Published May 16, 2024
Last update June 6, 2025

CVSS base score

6.3/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

Key dates

02Disclosure timeline

May 16, 2024 CVE published
June 6, 2025 Record updated