Search CVE reports
1 – 7 of 7 results
CVE-2024-6564
Medium priorityBuffer overflow in "rcar_dev_init" due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-6563
Medium priorityBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program...
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
CVE-2024-6287
Medium priorityIncorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that...
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Not affected | Not affected | Not affected | — | — |
CVE-2023-49100
Medium priorityTrusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a...
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Not affected | Vulnerable | Vulnerable | Not in release | Not in release |
CVE-2022-47630
Medium priorityTrusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or...
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Vulnerable | Vulnerable | Vulnerable | Not in release | Ignored |
CVE-2021-40327
High priorityTrusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization...
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
CVE-2018-19440
Medium priorityARM Trusted Firmware-A allows information disclosure.
1 affected packages
arm-trusted-firmware
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
arm-trusted-firmware | Vulnerable | Vulnerable | Vulnerable | Not in release | Not in release |