Your message dated Wed, 08 Jan 2025 00:50:57 +0000
with message-id <[email protected]>
and subject line Bug#1076042: fixed in arm-trusted-firmware 2.12.0+dfsg-1
has caused the Debian Bug report #1076042,
regarding arm-trusted-firmware: CVE-2024-6563 CVE-2024-6564
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1076042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: arm-trusted-firmware
Version: 2.10.0+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for arm-trusted-firmware.

CVE-2024-6563[0]:
| Buffer Copy without Checking Size of Input ('Classic Buffer
| Overflow') vulnerability in Renesas arm-trusted-firmware allows
| Local Execution of Code. This vulnerability is associated with
| program files https://github.com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i...
| https://github.com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.c .
| In line 313 "addr_loaded_cnt" is checked not to be
| "CHECK_IMAGE_AREA_CNT" (5) or larger, but this check does not halt the
| function. Immediately after (line 317) there will be an overflow in
| the buffer and the value of "dst" will be written to the area
| immediately after the buffer, which is "addr_loaded_cnt". This will
| allow an attacker to freely control the value of "addr_loaded_cnt"
| and thus control the destination of the write immediately after
| (line 318). The write in line 318 will then be fully controlled by
| said attacker, with whichever address and whichever value ("len")
| they desire.


CVE-2024-6564[1]:
| Buffer overflow in "rcar_dev_init" due to using untrusted data
| (rcar_image_number) as a loop counter before verifying it against
| RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6563
    https://www.cve.org/CVERecord?id=CVE-2024-6563
[1] https://security-tracker.debian.org/tracker/CVE-2024-6564
    https://www.cve.org/CVERecord?id=CVE-2024-6564

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
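Both CVE descriptions above come down to the same defect class: a limit is compared against, but the comparison does not gate the memory access that follows. The block below is an added example of the corrected pattern, written for this page and not taken from the Renesas io_rcar.c code or the Debian package; the struct layout, the function names, the value of RCAR_MAX_BL3X_IMAGE and the header data are all constructed for illustration.

```c
/* Constructed model of the fix for the two defects described above (example
 * code, not the Renesas io_rcar.c code): a bound that did not halt the
 * function, and an untrusted image count used as a loop bound unvalidated. */
#include <stdint.h>
#define CHECK_IMAGE_AREA_CNT 5u  /* limit quoted in the CVE-2024-6563 text */
#define RCAR_MAX_BL3X_IMAGE  8u  /* name from the CVE-2024-6564 text; value assumed */

struct load_table {
    uintptr_t dst[CHECK_IMAGE_AREA_CNT];
    uint32_t  len[CHECK_IMAGE_AREA_CNT];
    uint32_t  loaded_cnt;  /* right after the arrays, as the CVE text describes */
};

/* The CVE text describes a check that noted loaded_cnt >= 5 but let execution
 * continue, so the writes below ran with index 5 and clobbered loaded_cnt.
 * Here the check halts the function and the table is untouched on failure. */
int record_load(struct load_table *t, uintptr_t dst, uint32_t len)
{
    if (t->loaded_cnt >= CHECK_IMAGE_AREA_CNT)
        return -1;
    t->dst[t->loaded_cnt] = dst;
    t->len[t->loaded_cnt] = len;
    t->loaded_cnt++;
    return 0;
}

/* image_number is untrusted header data: reject it before it drives the loop,
 * and route every per-image write through the gated helper above. */
int load_images(struct load_table *t, uint32_t image_number,
                const uintptr_t *dsts, const uint32_t *lens)
{
    if (image_number > RCAR_MAX_BL3X_IMAGE)
        return -1;
    for (uint32_t i = 0; i < image_number; i++)
        if (record_load(t, dsts[i], lens[i]) != 0)
            return -1;  /* table full: stop instead of overflowing */
    return 0;
}

/* Test hook: constructed header claiming image_number images; returns result and count. */
struct load_result { int rc; uint32_t recorded; };
struct load_result load_claimed(uint32_t image_number)
{
    static const uintptr_t dsts[RCAR_MAX_BL3X_IMAGE] = { 0x44000000u, 0x44100000u,
        0x44200000u, 0x44300000u, 0x44400000u, 0x44500000u, 0x44600000u, 0x44700000u };
    static const uint32_t lens[RCAR_MAX_BL3X_IMAGE] = { 0x1000u, 0x2000u, 0x1000u,
        0x2000u, 0x1000u, 0x2000u, 0x1000u, 0x2000u };
    struct load_table t = { {0}, {0}, 0 };
    return (struct load_result){ load_images(&t, image_number, dsts, lens), t.loaded_cnt };
}
```

A claimed count above RCAR_MAX_BL3X_IMAGE is rejected before any entry is touched, and a count that passes that check but exceeds the five table slots stops at the fifth entry with loaded_cnt still equal to 5.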
--- Begin Message ---
Source: arm-trusted-firmware
Source-Version: 2.12.0+dfsg-1
Done: Vagrant Cascadian <[email protected]>

We believe that the bug you reported is fixed in the latest version of
arm-trusted-firmware, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vagrant Cascadian <[email protected]> (supplier of updated 
arm-trusted-firmware package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Tue, 07 Jan 2025 16:11:32 -0800
Source: arm-trusted-firmware
Architecture: source
Version: 2.12.0+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Vagrant Cascadian <[email protected]>
Changed-By: Vagrant Cascadian <[email protected]>
Closes: 1074431 1076042
Changes:
 arm-trusted-firmware (2.12.0+dfsg-1) experimental; urgency=medium
 .
   * New upstream release. (Closes: #1074431, #1076042)
     Fixes CVE-2024-6563 CVE-2024-6564 CVE-2024-6287 CVE-2024-6285
 .
   [ Diederik de Haas ]
   * debian/patches: Don't ignore '*.patch' files in debian/patches
   * d/watch: Switch to mode=git
 .
   [ Vagrant Cascadian ]
   * debian/patches: Refresh use-ldflags-with-fiptool-and-cert-create.
   * Remove unlicensed binary
     plat/arm/board/common/swd_rotpk/arm_swd_rotpk_rsa_sha256.bin
   * debian/patches: Add patch working around undefined "PLAT_MSG".
   * debian/patches: Disable fatal warnings passed via ASFLAGS to
     work around build failure.  Thanks to Marek
     Vasut. https://bugs.debian.org/1091147
   * debian/rules: Drop passing --no-warn-rwx-segments via TF_LDFLAGS. It
     is now detected in the upstream code whether this flag is supported.
   * debian/copyright: Update for 2.12.0.
   * debian/rules: Temporarily disable building of rcar target.
   * debian/control: Update to Standards Version 4.7.0.



--- End Message ---
