CVE-2024-25076
July 10, 2024, 8:15 p.m.
Tags
Product(s) Impacted
Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices
Description
An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.
Weaknesses
Date
Published: July 10, 2024, 8:15 p.m.
Last Modified: July 10, 2024, 8:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://github.com/
cve@mitre.org