Filtered by vendor Arm
Subscriptions
Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-15031 | 1 Arm | 1 Arm-trusted-firmware | 2019-01-24 | N/A |
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | ||||
CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2017-11-08 | N/A |
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | ||||
CVE-2017-9607 | 1 Arm | 1 Arm-trusted-firmware | 2017-10-03 | N/A |
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | ||||
CVE-2017-7564 | 1 Arm | 1 Arm Trusted Firmware | 2017-06-15 | N/A |
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. |