CVE-2017-15031

Published: Dec 18, 2018Modified: Mar 25, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.

Affected (1)

Products: Arm: Arm Trusted Firmware

Arm

1 product

Arm Trusted Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Arm Arm Trusted Firmware	Up to 2.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securityfocus.com/bid/106271

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/106271

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.