{"id":"CVE-2024-6285","details":"Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware.\nAn integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses.","modified":"2026-04-12T19:53:19.472703Z","published":"2024-06-24T16:15:10.763Z","references":[{"type":"ADVISORY","url":"https://asrg.io/security-advisories/cve-2024-6285/"},{"type":"FIX","url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/renesas-rcar/arm-trusted-firmware","events":[{"introduced":"0"},{"fixed":"b596f580637bae919b0ac3a5471422a1f756db3b"}]},{"type":"GIT","repo":"https://github.com/renesas-rcar/arm-trusted-firmware","events":[{"introduced":"0"},{"fixed":"b596f580637bae919b0ac3a5471422a1f756db3b"}]}],"database_specific":{"vanir_signatures":[{"id":"CVE-2024-6285-d6e96990","target":{"file":"drivers/renesas/common/io/io_rcar.c"},"signature_version":"v1","deprecated":false,"source":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b","signature_type":"Line","digest":{"line_hashes":["167545474265535815709469781345846274975","83672508553065906885160285310470229070","192449489686858836217356063237994548850","44563517852321594524543286850430926918","107636787740302120215243284208098469223","244833072605430231046001163781989143690","58933159413703032944791521093473852621","286653017787239719823438752341224643558"],"threshold":0.9}},{"id":"CVE-2024-6285-d9121ddb","target":{"file":"drivers/renesas/common/io/io_rcar.c","function":"check_load_area"},"signature_version":"v1","deprecated":false,"source":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/b596f580637bae919b0ac3a5471422a1f756db3b","signature_type":"Function","digest":{"length":881,"function_hash":"117185750020082507362494084268299919491"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6285.json","vanir_signatures_modified":"2026-04-12T19:53:19Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"v2.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}