
CVE-2024-7881
https://notcve.org/view.php?id=CVE-2024-7881
28 Jan 2025 — An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced. • https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881 • CWE-1422: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution •

CVE-2024-10929 – Spectre-BSE
https://notcve.org/view.php?id=CVE-2024-10929
22 Jan 2025 — In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history. • https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution •

CVE-2024-11864 – SCP-Firmware Vulnerability
https://notcve.org/view.php?id=CVE-2024-11864
14 Jan 2025 — Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. • https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2024-11863 – SCP-Firmware Vulnerability
https://notcve.org/view.php?id=CVE-2024-11863
14 Jan 2025 — Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP. • https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2024-5660
https://notcve.org/view.php?id=CVE-2024-5660
10 Dec 2024 — Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis may permit bypass of Stage-2 translation and/or GPT protection. Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 ma... • https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2024-48981
https://notcve.org/view.php?id=CVE-2024-48981
20 Nov 2024 — An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming, does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. I... • https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c#L161 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2024-48983
https://notcve.org/view.php?id=CVE-2024-48983
20 Nov 2024 — An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier plus the header length. WsfMsgAlloc then increments this again by sizeof(wsfMsg_t). This may cause an integer overflow that results in the buffer being significantly too small to contai... • https://github.com/mbed-ce/mbed-os/blob/54e8693ef4ff7e025018094f290a1d5cf380941f/connectivity/FEATURE_BLE/libraries/cordio_stack/wsf/sources/port/baremetal/wsf_msg.c#L72 • CWE-190: Integer Overflow or Wraparound •

CVE-2024-9413
https://notcve.org/view.php?id=CVE-2024-9413
13 Nov 2024 — The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware. • https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2024-7883 – CMSE secure state may leak from stack to floating-point registers
https://notcve.org/view.php?id=CVE-2024-7883
31 Oct 2024 — When using Arm Cortex-M Security Extensions (CMSE), Secure stack contents can be leaked to Non-secure state via floating-point registers when a Secure to Non-secure function call is made that returns a floating-point value and when this is the first use of floating-point since entering Secure state. This allows an attacker to read a limited quantity of Secure stack contents with an impact on confidentiality. This issue is specific to code generated using LLVM-based compilers. • https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVE-2023-51712
https://notcve.org/view.php?id=CVE-2023-51712
05 Sep 2024 — An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git •