PT-2024-37719 · Renesas+1 · Arm Trusted Firmware+1

Ilay Levi · Published 2024-07-08 · Updated 2024-08-22 · CVE-2024-6563

CVSS v3.1: 7.5 High

Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Renesas arm-trusted-firmware versions prior to the fixed version

Description

The issue is a Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', which allows Local Execution of Code. It is located in program files of the Renesas arm-trusted-firmware. In line 313, addr_loaded_cnt is checked not to be CHECK_IMAGE_AREA_CNT (5) or larger, but this check does not halt the function. Immediately after, in line 317, the buffer overflows and the value of dst is written to the area immediately after the buffer, which is addr_loaded_cnt. This allows an attacker to freely control the value of addr_loaded_cnt and thus control the destination of the write immediately after, in line 318, with whichever address and whichever value (len) they desire.
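
The pattern described above, as an added C model that is not the Renesas source and not part of the advisory. load_model, record_flawed, record_hardened and six_records are hypothetical names, and the layout assumes dst is the first field of each entry and the counter sits directly after the table, as the description states.

```c
#include <stdint.h>

#define CHECK_IMAGE_AREA_CNT 5u               /* limit quoted in the advisory */
#define CNT_SLOT (2u * CHECK_IMAGE_AREA_CNT)  /* word right after the table */

/* Constructed model: five {dst, len} pairs followed by the counter, held in
 * one array so the out-of-range store stays inside defined memory. */
typedef struct { uintptr_t w[CNT_SLOT + 1u]; } load_model;
typedef struct { uintptr_t counter; int last_rc; } outcome;

/* Flawed pattern: the limit check records an error but does not return. */
int record_flawed(load_model *m, uintptr_t dst, uintptr_t len)
{
    int result = 0;
    uintptr_t cnt = m->w[CNT_SLOT];
    if (cnt >= CHECK_IMAGE_AREA_CNT)
        result = -1;                  /* flagged, execution continues */
    if (cnt > CHECK_IMAGE_AREA_CNT)
        return result;                /* model-only guard: stay in the array */
    m->w[2u * cnt] = dst;             /* cnt == 5: this slot is the counter */
    if (cnt < CHECK_IMAGE_AREA_CNT) {
        m->w[2u * cnt + 1u] = len;
        m->w[CNT_SLOT] = cnt + 1u;
    }
    return result;                    /* error code, but state already changed */
}

/* Hardened pattern: return before any store once the table is full. */
int record_hardened(load_model *m, uintptr_t dst, uintptr_t len)
{
    uintptr_t cnt = m->w[CNT_SLOT];
    if (cnt >= CHECK_IMAGE_AREA_CNT)
        return -1;
    m->w[2u * cnt] = dst;
    m->w[2u * cnt + 1u] = len;
    m->w[CNT_SLOT] = cnt + 1u;
    return 0;
}

/* Record six constructed areas (one more than the table holds) and report
 * the final counter and the return code of the sixth call. */
outcome six_records(int (*record)(load_model *, uintptr_t, uintptr_t))
{
    load_model m = { { 0 } };
    outcome o = { 0, 0 };
    for (uintptr_t i = 1; i <= 6u; i++)
        o.last_rc = record(&m, 0x1000u * i, 0x100u);
    o.counter = m.w[CNT_SLOT];
    return o;
}
```

Both variants return an error on the sixth call, so the return code alone does not show whether the counter survived; a regression test for a fix should assert on the counter as well.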

Recommendations

As a temporary workaround, consider disabling the vulnerable function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the dst and len parameters in the affected code until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2024-6563
OESA-2024-1848
OESA-2024-1849
OESA-2024-1850
OESA-2024-1851

Affected Products

Debian
Arm Trusted Firmware