{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T08:50:06.443","vulnerabilities":[{"cve":{"id":"CVE-2024-6563","sourceIdentifier":"cve@asrg.io","published":"2024-07-08T16:15:09.210","lastModified":"2024-11-21T09:49:53.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .\n\n\n\n\nIn line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire."},{"lang":"es","value":"La vulnerabilidad de copia de búfer sin verificar el tamaño de la entrada ('desbordamiento de búfer clásico') en el firmware arm-trusted-de Renesas permite la ejecución local de código. Esta vulnerabilidad está asociada a archivos de programa https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com /renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C. En la línea 313 se verifica que \"addr_loaded_cnt\" no sea \"CHECK_IMAGE_AREA_CNT\" (5) o mayor; esta verificación no detiene la función. Inmediatamente después (línea 317) habrá un desbordamiento en el búfer y el valor de \"dst\" se escribirá en el área inmediatamente después del búfer, que es \"addr_loaded_cnt\". Esto permitirá a un atacante controlar libremente el valor de \"addr_loaded_cnt\" y así controlar el destino de la escritura inmediatamente después (línea 318). La escritura en la línea 318 será entonces totalmente controlada por dicho atacante, con cualquier dirección y cualquier valor (\"len\") que desee."}],"metrics":{"cvssMetricV31":[{"source":"cve@asrg.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@asrg.io","type":"Secondary","description":[{"lang":"en","value":"CWE-120"},{"lang":"en","value":"CWE-123"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:renesas:arm-trusted-firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"16A2BDC3-F664-4132-8148-9DB849240F8B"}]}]}],"references":[{"url":"https://asrg.io/security-advisories/cve-2024-6563/","source":"cve@asrg.io","tags":["Third Party Advisory"]},{"url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164","source":"cve@asrg.io","tags":["Patch"]},{"url":"https://asrg.io/security-advisories/cve-2024-6563/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}