CVE-2024-1633

LOW Year: 2024
CVSS v3 Score
2.0
Low
Weakness Type
CWE-190
View all →

Vulnerability Description

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not

Related Vulnerabilities

CVE-2024-21105

LOW
CVSS:2.0(Low)

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with ...

CWE-1902024

CVE-2023-20507

LOW
CVSS:2.3(Low)

An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity.

CWE-1902023

CVE-2021-20203

LOW
CVSS:3.2(Low)

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters...

CWE-1902021

CVE-2016-9085

LOW
CVSS:3.3(Low)

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

CWE-1902016

CVE-2018-13053

LOW
CVSS:3.3(Low)

The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

CWE-1902018

CVE-2019-19004

LOW
CVSS:3.3(Low)

A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.

CWE-1902019