UBUNTU-CVE-2024-6287

See a problem?
Source
https://ubuntu.com/security/CVE-2024-6287
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6287.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-6287
Related
Published
2024-06-24T16:15:00Z
Modified
2024-10-15T14:17:22Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite an already loaded image partly or completely, which could result in code execution and bypass of secure boot.

References

Affected packages

Ubuntu:24.10 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:deb/ubuntu/arm-trusted-firmware?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.10.0+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}