Tomer.Fichman@Cymotive.Com

**Name of the Vulnerable Software and Affected Versions** Bootloader versions c2f286820471ed276c57e603762bd831873e5a17 and later **Description** The issue occurs during the secure boot process, where the second stage of the bootloader, bl2, loops over images defined in the table "bl2 mem params descs". For each image, bl2 reads the image length and destination from the image's certificate, which is based on a 32-bit unsigned integer value. This can result in an integer overflow, allowing an attacker to bypass memory range restrictions and write data out of buffer bounds, potentially bypassing secure boot. **Recommendations** For versions c2f286820471ed276c57e603762bd831873e5a17 and later, consider disabling the bl2 function until a patch is available to prevent potential exploitation. Restrict access to the "bl2 mem params descs" table to minimize the risk of exploitation. Avoid using the `image length` and `destination` variables in the affected certificate reading process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.