Trustedfirmware: >> Trusted Firmware-A >> 1.5 Security Vulnerabilities
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-08-13
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
CVSS Score
7.4
EPSS Score
0.006
Published
2023-01-16
ARM Trusted Firmware-A allows information disclosure.
CVSS Score
5.3
EPSS Score
0.014
Published
2019-01-30
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVSS Score
7.5
EPSS Score
0.019
Published
2018-12-18