CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47630
https://notcve.org/view.php?id=CVE-2022-47630
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state. Trusted Firmware-A hasta su versión 2.8 tiene una lectura fuera de los límites en el analizador X.509 para analizar los certificados de arranque. Esto afecta el uso posterior de get_ext y auth_nvctr. • http://www.openwall.com/lists/oss-security/2023/01/16/8 https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html https://www.trustedfirmware.org/news • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19440
https://notcve.org/view.php?id=CVE-2018-19440
ARM Trusted Firmware-A allows information disclosure. ARM Trusted Firmware-A permite la divulgación de información. • https://github.com/ARM-software/arm-trusted-firmware/pull/1710 https://github.com/ARM-software/arm-trusted-firmware/wiki/Trusted-Firmware-A-Security-Advisory-TFV-8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •