Bugzilla – Bug 1227540
VUL-0: CVE-2024-6564: arm-trusted-firmware: Buffer overflow in "rcar_dev_init" due to using untrusted data as a loop counter
Last modified: 2024-07-19 07:21:09 UTC
Buffer overflow in "rcar_dev_init" due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6564 https://www.cve.org/CVERecord?id=CVE-2024-6564 https://asrg.io/security-advisories/cve-2024-6564/ https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2
The only TF-A package wich we distribute is using upstream repository [1],[2]. Further we officially distribute TF-A package for RPi4 [3] only, because of device constraints. Firmware, TF-A in this case, is supposed to be distributed by platform/device vendors. So I whould say that we are not affected. [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git [2] https://build.opensuse.org/package/show/hardware:boot/arm-trusted-firmware [3] arm-trusted-firmware:rpi4