Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

arm-trusted-firmware vulnerabilities and exploits

(subscribe to this query)
5.9
CVSSv3
CVE-2016-10319
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firm...
Arm Trusted Firmware Project Arm Trusted Firmware 1.3Arm Trusted Firmware Project Arm Trusted Firmware 1.2
7.5
CVSSv3
CVE-2023-40271
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verifi...
Arm Trusted Firmware-m 1.8.0Arm Trusted Firmware-m 1.7.0Arm Trusted Firmware-m 1.6.0Arm Trusted Firmware-m 1.6.1
7.8
CVSSv3
CVE-2021-43619
Trusted Firmware M 1.4.x up to and including 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
Arm Trusted Firmware-m 1.4.0Arm Trusted Firmware-m 1.4.1
8.1
CVSSv3
CVE-2017-7563
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing malicious users to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
Arm Arm Trusted Firmware
7.4
CVSSv3
CVE-2022-47630
Trusted Firmware-A up to and including 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about micr...
Arm Trusted Firmware-a
7.5
CVSSv3
CVE-2017-15031
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
Arm Arm-trusted-firmware
5.3
CVSSv3
CVE-2018-19440
ARM Trusted Firmware-A allows information disclosure.
Arm Trusted Firmware-a
7
CVSSv3
CVE-2017-9607
The BL1 FWU SMC handling code in ARM Trusted Firmware prior to 1.4 might allow malicious users to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 ...
Arm Arm-trusted-firmware
7.5
CVSSv3
CVE-2017-7564
In ARM Trusted Firmware up to and including 1.3, the secure self-hosted invasive debug interface allows normal world malicious users to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
Arm Arm Trusted Firmware
5.5
CVSSv3
CVE-2021-27562
In Arm Trusted Firmware M up to and including 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Arm Trusted Firmware M
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook