PT-2024-20727 · Renesas · Renesas Smartbond

Chris Bellows · Published 2024-07-10 · Updated 2024-07-11 · CVE-2024-25076

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699

Description: An issue was discovered where the bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed-size buffer, resulting in a buffer overflow and execution of arbitrary code.

Recommendations: For Renesas SmartBond versions DA14691, DA14695, DA14697, and DA14699, consider disabling the bootrom function responsible for validating the Flash Product Header until a patch is available. Restrict access to the QSPI device to minimize the risk of exploitation. Avoid using the Length of Flash Config Section value in the affected bootrom function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
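
The bug class named in the Description, as an added example (not Renesas bootrom code and not part of the advisory): a loader that bounds a flash-supplied length before reading into a fixed buffer. The header offsets, the buffer size and all function names are hypothetical, and the flash image is constructed in memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout and sizes, chosen for illustration only. */
#define CFG_BUF_SIZE 64u /* fixed destination buffer */
#define HDR_LEN_OFF  2u  /* 16-bit little-endian config-section length */
#define HDR_CFG_OFF  4u  /* first byte of the config section */

/* Stand-in for a QSPI read: copies from an in-memory image, never past its end. */
static int flash_read(const uint8_t *img, size_t img_len, size_t off, uint8_t *dst, size_t n)
{
    if (off > img_len || n > img_len - off) return -1;
    memcpy(dst, img + off, n);
    return 0;
}

/* Returns the config length on success, -1 if the header is rejected. */
int load_flash_config(const uint8_t *img, size_t img_len, uint8_t cfg[CFG_BUF_SIZE])
{
    uint8_t len_le[2];
    if (flash_read(img, img_len, HDR_LEN_OFF, len_le, sizeof len_le) != 0) return -1;
    size_t cfg_len = (size_t)len_le[0] | ((size_t)len_le[1] << 8);
    /* The length comes from flash, so it is untrusted: bound it by the buffer
     * before the read. Omitting this check is the overflow described above. */
    if (cfg_len > CFG_BUF_SIZE) return -1;
    if (flash_read(img, img_len, HDR_CFG_OFF, cfg, cfg_len) != 0) return -1;
    return (int)cfg_len;
}

/* Builds a constructed image declaring `declared` config bytes and loads it. */
int demo_declared_length(uint16_t declared, size_t img_len)
{
    static uint8_t img[512];
    uint8_t cfg[CFG_BUF_SIZE];
    if (img_len > sizeof img) return -1;
    memset(img, 0xA5, sizeof img);
    img[HDR_LEN_OFF] = (uint8_t)(declared & 0xff);
    img[HDR_LEN_OFF + 1] = (uint8_t)(declared >> 8);
    return load_flash_config(img, img_len, cfg);
}

int main(void)
{
    printf("declared 16     -> %d\n", demo_declared_length(16, 512));
    printf("declared 0xFFFF -> %d\n", demo_declared_length(0xFFFF, 512));
    return 0;
}
```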

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2024-25076

Affected Products: Renesas Smartbond