We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-1633

FIP Header Integer Overflow



Description

During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not

Reserved 2024-02-19 | Published 2024-02-19 | Updated 2024-08-01 | Assigner ASRG


LOW: 2.0CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status
unaffected

v2.5
affected

Credits

Tomer.Fichman@cymotive.com finder

References

asrg.io/security-advisories/CVE-2024-1633/

cve.org (CVE-2024-1633)

nvd.nist.gov (CVE-2024-1633)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-1633

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.
MonTueWedThuFriSatSun
311234567891011121314151617181920212223242526272829301234567891011
MonTueWedThuFriSatSun
311234567891011121314151617181920212223242526272829301234567891011