CVE-2024-9413

Description

The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.

Classification

CVE ID: CVE-2024-9413

Affected Products

Vendor: Arm

Product: SCP-Firmware

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability

Timeline