CVE-2023-31339

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

medium 4.8 CVSS 3.1
Published: Aug 13, 2024
Modified: Jun 5, 2026
Vendor: Amd
Product: Trusted Firmware-A

Description

Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

References

Related CVEs

CVE-2022-47630 high · 7.4
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might b
CVE-2018-19440 medium · 5.3
ARM Trusted Firmware-A allows information disclosure.
CVE-2017-15031 high · 7.5
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2017-9607 high · 7.0
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism,