CVE-2024-1633

Published: Feb 19, 2024Modified: Jun 17, 2026

2.0

Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.5 / Impact: 1.4

Source: NVD

Description

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not

Affected (1)

Products: Renesas: Arm Trusted Firmware

Renesas

1 product

Arm Trusted Firmware

Configuration A

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Renesas Arm Trusted Firmware	Version rcar_gen3_2.5

Running on/with	Platform Versions
Renesas R Car D3e	All versions
Renesas R Car E3e	All versions
Renesas R Car H3e	All versions
Renesas R Car H3ne	All versions
Renesas R Car M3e	All versions
Renesas R Car M3ne	All versions
Renesas R Car V3h	All versions
Renesas R Car V3h2	All versions
Renesas R Car V3m	All versions

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (2)

https://asrg.io/security-advisories/CVE-2024-1633/

Source: cve@asrg.io

Third Party Advisory

https://asrg.io/security-advisories/CVE-2024-1633/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.