How severe is CVE-2024-6563?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-6563?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-6563

MEDIUM Year: 2024

CVSS v3 Score

6.7

Medium

Weakness Type

CWE-120

View all →

Vulnerability Description

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C . In line 313 "addr_loaded_cnt" is checked not to be "CHECK_IMAGE_AREA_CNT" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of "dst" will be written to the area immediately after the buffer, which is "addr_loaded_cnt". This will allow an attacker to freely control the value of "addr_loaded_cnt" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ("len") they desire.

CVE-2017-13308

MEDIUM

CVSS:6.7(Medium)

In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege wit...

CWE-1202017

CVE-2018-1000117

MEDIUM

CVSS:6.7(Medium)

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, lik...

CWE-1202018

CVE-2020-11183

MEDIUM

CVSS:6.7(Medium)

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consume...

CWE-1202020

CVE-2020-12374

MEDIUM

CVSS:6.7(Medium)

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege vi...

CWE-1202020

CVE-2020-12465

MEDIUM

CVSS:6.7(Medium)

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragment...

CWE-1202020

CVE-2020-36158

MEDIUM

CVSS:6.7(Medium)

mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-...

CWE-1202020

CVE-2024-6563

Vulnerability Description

Related Vulnerabilities

CVE-2017-13308

CVE-2018-1000117

CVE-2020-11183

CVE-2020-12374

CVE-2020-12465

CVE-2020-36158