Tomer Fichman

**Name of the Vulnerable Software and Affected Versions** Renesas R-Car Gen3 versions (affected versions not specified) **Description** The issue is caused by a buffer overflow in the `rcar dev init` function due to the use of untrusted data (`rcar image number`) as a loop counter before verifying it against `RCAR MAX BL3X IMAGE`. This could lead to a full bypass of secure boot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Renesas arm-trusted-firmware (affected versions not specified) Description: The issue is related to an integer underflow in image range check calculations, which could allow bypassing address restrictions and loading images to unallowed addresses. This could potentially lead to security breaches by loading malicious images. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Renesas arm-trusted-firmware (affected versions not specified) Description: The issue arises from an incorrect calculation in the code that checks for image overlap with previously loaded images. This oversight allows an attacker to bypass memory range restrictions, potentially overwriting an already loaded image partly or completely. As a result, this could lead to code execution and bypass of secure boot mechanisms. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.