HIGH✓ PATCH🇬🇧 English

CVE-2017-9607

CVSS 7.0v3.0pub. 2017-09-20upd. 2026-06-05

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Trustedfirmware Trusted Firmware A

    OS
    Trustedfirmware
    ≤ 1.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2022-47630HIGH7.4ten sam produkt

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. Th...

CVE-2017-15031HIGH7.5ten sam produkt

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMC...

CVE-2017-7563HIGH8.1ten sam produkt

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypas...

CVE-2017-7564HIGH7.5ten sam produkt

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attac...

CVE-2023-31339MEDIUM4.8ten sam produkt

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a p...