Trusted Firmware-A CVE Vulnerabilities

Name: Trusted Firmware-A
Author: Trustedfirmware

By Trustedfirmware — 4 known vulnerabilities

Also tracked as: amd/trusted-firmware-a

Critical

High

Medium

Low

None

All Trusted Firmware-A CVEs

Recent Highest Score Oldest

CVE-2022-47630

7.4 high

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

Jan 16, 2023

CVE-2018-19440

5.3 medium

ARM Trusted Firmware-A allows information disclosure.

Jan 30, 2019

CVE-2017-15031

7.5 high

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.

Dec 18, 2018

CVE-2017-9607

7.0 high

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an int

Sep 20, 2017