CVE-2024-45746
Published: 09 October 2024
Summary
CVE-2024-45746 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Trusted Firmware-M (TF-M), Arm's reference implementation of the PSA secure-processing-environment firmware; the project documentation is hosted at trustedfirmware-m.readthedocs.io, which is why some feeds list the product as "Readthedocs". Its CVSS base score is 9.8 (Critical).
Its EPSS score places it in the top 7.2% of CVEs by estimated exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-45746 affects Trusted Firmware-M versions through 2.1.0. The vulnerability stems from a lack of validation of the pointers carried in non-secure mailbox messages: each message points at an input argument vector (in_vec) and an output argument vector (out_vec), and those list pointers are never checked against the non-secure memory map. Each vector entry holds a buffer pointer and a length, also unchecked. After the PSA call completes, mailbox_direct_reply writes the output length back through the out_vec pointer regardless of whether the call succeeded, so an attacker who points out_vec into secure memory gets a write of a controlled length value to an address of their choosing inside the secure firmware, which is enough to hijack control flow.
An attacker able to post crafted messages on the non-secure-to-secure mailbox can trigger the flaw without any authentication; whether that surface is reachable remotely depends on what the product built on TF-M exposes to the non-secure side. Successful exploitation lets the attacker overwrite chosen locations in the secure world, resulting in code execution with full control over the trusted firmware.
The project advisory at trustedfirmware-m.readthedocs.io details the issue and links to the Trusted Firmware-M repository for remediation steps. The associated EPSS score has remained flat at 0.0890 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41579
Vulnerability details
An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE).
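The write primitive described above (and in the Deeper analysis section), as an added example that is not TF-M's code: a constructed C model of the mailbox reply path with the unchecked variant beside a hardened one. The psa_invec/psa_outvec shapes come from the PSA API and the name mailbox_direct_reply from the advisory; everything else (the ns_ram/s_ram windows standing in for the two worlds, the mailbox_msg layout, in_ns_ram, MBX_ERR_INVALID_PTR, PSA_ERROR_GENERIC, the demo_* functions and their payload values) is assumed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the PSA mailbox reply path (not TF-M source): one flat address
 * space with a non-secure RAM window and a secure RAM window no mailbox pointer may reach. */
typedef struct { const void *base; size_t len; } psa_invec;
typedef struct { void *base; size_t len; } psa_outvec;

#define NS_RAM_SIZE        1024u
#define S_RAM_SIZE          256u
#define MBX_MAX_IOVEC         4u  /* PSA allows at most four vectors per direction */
#define PSA_SUCCESS           0
#define PSA_ERROR_GENERIC  (-132) /* any failing PSA status serves the demo */
#define MBX_ERR_INVALID_PTR  (-1) /* hypothetical rejection code for the hardened path */

static _Alignas(psa_outvec) uint8_t ns_ram[NS_RAM_SIZE];
static _Alignas(psa_outvec) uint8_t s_ram[S_RAM_SIZE]; /* stands in for secure firmware memory */

/* Message as the secure side receives it; every pointer in it is NS-controlled. */
struct mailbox_msg {
    const psa_invec *in_vec;  size_t in_len;
    psa_outvec      *out_vec; size_t out_len;
};

/* true iff [p, p+size) lies inside NS RAM, with no integer wraparound */
static bool in_ns_ram(const void *p, size_t size)
{
    uintptr_t addr = (uintptr_t)p, base = (uintptr_t)ns_ram;
    return size <= NS_RAM_SIZE && addr >= base && addr - base <= NS_RAM_SIZE - size;
}

/* The flaw as the advisory describes it: out_vec is dereferenced unvalidated and
 * every len field is rewritten whatever the PSA status was. */
void vulnerable_direct_reply(struct mailbox_msg *msg, int32_t status, const size_t *out_written)
{
    (void)status;
    for (size_t i = 0; i < msg->out_len; i++)
        msg->out_vec[i].len = out_written[i];
}

/* Hardened path: bound the count, prove the out_vec array and each buffer it describes lie
 * in NS RAM, snapshot the entries so the NS side cannot change them after the check, and
 * write lengths back only on success, to the array address that was just validated. */
int32_t hardened_direct_reply(struct mailbox_msg *msg, int32_t status, const size_t *out_written)
{
    psa_outvec local[MBX_MAX_IOVEC];
    if (msg->out_len > MBX_MAX_IOVEC)
        return MBX_ERR_INVALID_PTR;
    if (msg->out_len == 0)
        return status;
    if (!in_ns_ram(msg->out_vec, msg->out_len * sizeof(psa_outvec)))
        return MBX_ERR_INVALID_PTR;
    memcpy(local, msg->out_vec, msg->out_len * sizeof(psa_outvec));
    for (size_t i = 0; i < msg->out_len; i++)
        if (!in_ns_ram(local[i].base, local[i].len) || out_written[i] > local[i].len)
            return MBX_ERR_INVALID_PTR;
    if (status != PSA_SUCCESS)
        return status;                      /* failed call: caller's lengths untouched */
    for (size_t i = 0; i < msg->out_len; i++)
        msg->out_vec[i].len = out_written[i];
    return PSA_SUCCESS;
}

/* Attacker aims the out_vec list pointer at secure RAM and the PSA call fails; the
 * unpatched path writes anyway. Returns the value now sitting in s_ram. */
size_t demo_vulnerable_write(void)
{
    memset(s_ram, 0, sizeof s_ram);
    struct mailbox_msg msg = { NULL, 0, (psa_outvec *)s_ram, 1 };
    size_t written[1] = { 0x4141 };
    vulnerable_direct_reply(&msg, PSA_ERROR_GENERIC, written);
    return ((psa_outvec *)s_ram)[0].len;
}

/* Same message through the hardened path: rejected, and secure RAM stays zeroed. */
bool demo_hardened_blocks_write(void)
{
    memset(s_ram, 0, sizeof s_ram);
    struct mailbox_msg msg = { NULL, 0, (psa_outvec *)s_ram, 1 };
    size_t written[1] = { 0x4141 };
    return hardened_direct_reply(&msg, PSA_SUCCESS, written) == MBX_ERR_INVALID_PTR
        && ((psa_outvec *)s_ram)[0].len == 0;
}

/* Honest message (list and 32-byte buffer both in NS RAM): a failed call must leave len
 * at 32 and propagate the status; a successful call that produced 16 bytes sets len to 16. */
bool demo_hardened_honest_path(void)
{
    psa_outvec *vec = (psa_outvec *)ns_ram;
    vec[0].base = ns_ram + 128;
    vec[0].len  = 32;
    struct mailbox_msg msg = { NULL, 0, vec, 1 };
    size_t written[1] = { 16 };
    if (hardened_direct_reply(&msg, PSA_ERROR_GENERIC, written) != PSA_ERROR_GENERIC || vec[0].len != 32)
        return false;
    return hardened_direct_reply(&msg, PSA_SUCCESS, written) == PSA_SUCCESS && vec[0].len == 16;
}
```

Call the demo_* functions from any main or test harness. demo_vulnerable_write() returns 0x4141: a failed PSA call still stored an attacker-chosen value at an attacker-chosen secure address, and in real firmware that address would be a function pointer or saved return address rather than a scratch array. Both hardened demos return true. Two design points matter in the fix: the out_vec array itself, not just the buffers it describes, has to be range-checked, because the length write-back goes through that array pointer; and the entries are copied into secure memory before they are checked, because validating them in place and then re-reading non-secure memory would leave a check-then-use race with the non-secure core.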
- CWE(s): CWE-120 (Classic Buffer Overflow)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
The generic CWE-120 control (move to platform-independent managed code so that unchecked native buffer handling disappears) does not apply to secure firmware such as TF-M, which is written in C and runs where no managed runtime exists. The control that matters here is the one the advisory implies: validate every pointer supplied by the non-secure side, including the in_vec and out_vec list pointers and each entry's buffer pointer and length, against the non-secure memory map before it is dereferenced, and do not write output lengths back for calls that did not succeed. Until the fixed firmware is deployed, restrict which non-secure components are allowed to post mailbox messages.