{"id":"CVE-2024-6564","details":"Buffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.","modified":"2026-04-11T01:19:47.369842Z","published":"2024-07-08T16:15:09.423Z","references":[{"type":"ADVISORY","url":"https://asrg.io/security-advisories/cve-2024-6564/"},{"type":"FIX","url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/renesas-rcar/arm-trusted-firmware","events":[{"introduced":"0"},{"fixed":"c9fb3558410032d2660c7f3b7d4b87dec09fe2f2"}]}],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"251979617729504894310367224547136768301","length":2070},"id":"CVE-2024-6564-43e2b2d6","target":{"function":"rcar_dev_init","file":"drivers/renesas/common/io/io_rcar.c"},"source":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2","signature_type":"Function","signature_version":"v1","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["173392780450128851739472586598126205630","254042079109293560459377645396901342518","239719165754981003447507498081001357229","261546804298522373556310689546044572591","77969450528592171423374278622629591437","51956281109036530976743951812392344755","283819709148832100756073306814601515225","327809843940564965508235143589308704713","327518121974734787093372889406282658808","187382626243277052119487171234477559313","110361182707463918469742935128565763943","298600044211463577362010430094477024450"]},"id":"CVE-2024-6564-6569c08e","target":{"file":"drivers/renesas/common/io/io_rcar.c"},"source":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2","signature_type":"Line","signature_version":"v1","deprecated":false}],"vanir_signatures_modified":"2026-04-11T01:19:47Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6564.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}