CVE-2024-6564

MEDIUM6.7EPSS 0.02%

Published: 7/8/2024Modified: 4/28/2026

Description

Buffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.

Affected packages (1)

Debian/arm-trusted-firmwarefrom 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.7	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-6564