CVE-2024-25076

July 10, 2024, 8:15 p.m.

Tags

cve@mitre.org
2024-07-10
CVE-2024-25076

Product(s) Impacted

Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices

Description

An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.

Weaknesses

Date

Published: July 10, 2024, 8:15 p.m.

Last Modified: July 10, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2024-0001.md
cve@mitre.org