// For flags

CVE-2017-7563

 

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).

En Trusted Firmware versión 1.3 de ARM, la memoria RO es siempre ejecutable en AArch64 Secure EL1, lo que permite a los atacantes eludir el mecanismo de protección MT_EXECUTE_NEVER. Este problema ocurre debido a la inconsistencia en el número de bits de nunca ejecutados (un bit contra dos bits).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-06 CVE Reserved
  • 2017-06-07 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Arm
Search vendor "Arm"
Arm Trusted Firmware
Search vendor "Arm" for product "Arm Trusted Firmware"
<= 1.3
Search vendor "Arm" for product "Arm Trusted Firmware" and version " <= 1.3"
-
Affected