nvd-json-data-feeds/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json

{
  "id": "CVE-2024-1633",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-02-19T17:15:08.347",
  "lastModified": "2024-02-19T17:15:08.347",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@asrg.io",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "PHYSICAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 2.0,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@asrg.io",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://asrg.io/security-advisories/CVE-2024-1633/",
      "source": "cve@asrg.io"
    }
  ]
}
Auto-Update: 2024-02-19T19:00:34.546187+00:00 2024-02-19 19:00:38 +00:00			`{`
			`"id": "CVE-2024-1633",`
			`"sourceIdentifier": "cve@asrg.io",`
			`"published": "2024-02-19T17:15:08.347",`
			`"lastModified": "2024-02-19T17:15:08.347",`
			`"vulnStatus": "Received",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "cve@asrg.io",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",`
			`"attackVector": "PHYSICAL",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 2.0,`
			`"baseSeverity": "LOW"`
			`},`
			`"exploitabilityScore": 0.5,`
			`"impactScore": 1.4`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "cve@asrg.io",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-190"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://asrg.io/security-advisories/CVE-2024-1633/",`
			`"source": "cve@asrg.io"`
			`}`
			`]`
			`}`