An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length of Flash Config Section) to control a read from the QSPI device into a fixed sized buffer, resulting in a buffer overflow and execution of arbitrary code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-10T00:00:00
Updated: 2024-08-01T23:36:21.276Z
Reserved: 2024-02-04T00:00:00
Link: CVE-2024-25076
Vulnrichment
Updated: 2024-08-01T23:36:21.276Z
NVD
Status : Awaiting Analysis
Published: 2024-07-10T20:15:02.933
Modified: 2024-07-11T15:05:28.443
Link: CVE-2024-25076
Redhat
No data.