CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2022-48251
https://notcve.org/view.php?id=CVE-2022-48251
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture." • https://eprint.iacr.org/2022/230 https://eshard.com/posts/sca-attacks-on-armv8 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2020-13844
https://notcve.org/view.php?id=CVE-2020-13844
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." Las implementaciones principales de Arm Armv8-A, que usan la ejecución especulativa más allá de los cambios incondicionales en el flujo de control pueden permitir una divulgación no autorizada de información a un atacante con acceso de usuario local por medio de un análisis de canal lateral, también se conoce como "straight-line speculation." • http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-a • CWE-203: Observable Discrepancy •