CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-4760: Voltage glitch during startup of the EEFC NVM controller can bypass the security bit

6.3 CVSS

Description

A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.

Classification

CVE ID: CVE-2024-4760

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem Types

CWE-1247: Improper Protection Against Voltage and Clock Glitches

Affected Products

Vendor: Microchip

Product: SAME70, SAMS70, SAMV70, SAMV71, SAMG55, SAM4C, SAM4S, SAM4N, SAM4E, SAM3S, SAM3N, SAM3U

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 35.69% (scored less or equal to compared to others)

EPSS Date: 2025-07-04 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4760
https://www.0x01team.com/hw_security/bypassing-microchip-atmel-sam-e70-s70-v70-v71-security/
https://ww1.microchip.com/downloads/aemDocuments/documents/MCU32/ProductDocuments/SupportingCollateral/Security-Advisory-CVE-2024-4760.pdf

Timeline

2025-06-06 16:40:18 UTC
CVE

Voltage glitch during startup of the EEFC NVM controller can bypass the security bit