Lines Matching refs:in
5 | Title | Malformed Firmware Update SMC can result in copy of |
28 known as recovery mode). This allows most FWU functionality to be implemented in
30 functionality in BL1. When cold boot reaches the EL3 Runtime Software (for
42 2. Platform code arranges for untrusted normal world FWU code to be executed in
43 the cold boot path, before BL31 starts. Untrusted in this sense means code
44 that is not in ROM or has not been authenticated or has otherwise been
50 The vulnerabilities consist of potential integer overflows in the input
58 Two of the vulnerabilities are in the function ``bl1_fwu_image_copy()`` in
84 INFO("BL1-FWU: Continuing image copy in blocks\n");
92 This code fragment is executed when the image copy operation is performed in
94 potentially controllable by an attacker. A very large value may result in an
95 integer overflow in the 1st ``if`` statement, which would bypass the check,
98 result in an unexpectedly large copy of data into secure memory.
128 large value of ``image_size`` may result in an integer overflow in the 2nd
130 If ``bl1_plat_mem_check()`` also passes, this may result in an unexpectedly
137 - Line 88 of ``plat/arm/common/arm_bl1_fwu.c`` in function of
154 regions mapped in by ARM platforms. Here, ``mem_size`` may be the
156 ``mem_size`` may result in an integer overflow and the function to incorrectly