
Trusted Firmware A

trusted_firmware-a

Vendor: Trustedfirmware • 7 CVEs

CVEs (7)

Each entry lists the vendors and products the CVE is filed against, the last-updated and publication dates, the CVSS v4 / v3 / v2 scores, and the CVE description.

Vendors (3): Amd, Arm, Trustedfirmware
Products (3): Trusted Firmware A (three entries)
Updated: Jun 5, 2026
Published: Aug 13, 2024
CVSS: v4 N/A; v3 5.8 MEDIUM; v2 N/A
Description: Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out-of-bounds reads, potentially resulting in data leakage and denial of service.

Vendors (2): Arm, Trustedfirmware
Products (2): Trusted Firmware A (two entries)
Updated: Jun 5, 2026
Published: Jan 16, 2023
CVSS: v4 N/A; v3 7.4 HIGH; v2 N/A
Description: Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
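The out-of-bounds read named in the entry above belongs to the class of DER length fields that are trusted without being compared against the bytes actually available. The following is an added illustrative example in C; it is not Trusted Firmware-A's X.509 parser and not its get_ext or auth_nvctr code. It shows a minimal bounded tag-length-value reader used to walk a SEQUENCE, applied to constructed certificate-like byte strings. The functions der_read_tlv and der_count_sequence_children and the sample arrays are assumptions of the example.

```c
/*
 * Added illustrative example, not Trusted Firmware-A code and not its
 * X.509 parser. A minimal DER tag-length-value reader that never reads
 * past the buffer it is given, used to walk the children of a SEQUENCE.
 * The comment on the final length check marks the omission that produces
 * the out-of-bounds-read class. All inputs are constructed byte strings.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct der_tlv {
    uint8_t tag;
    size_t len;           /* length of the value */
    const uint8_t *val;   /* points inside the caller's buffer */
};

/* Decode one TLV from the first `avail` bytes at `p`.
 * Returns the total encoded size (header + value), or 0 if the element is
 * malformed or would extend past `avail`. */
size_t der_read_tlv(const uint8_t *p, size_t avail, struct der_tlv *out)
{
    size_t i = 0, len;

    if (avail < 2)
        return 0;                                  /* need at least tag + length */
    out->tag = p[i++];
    len = p[i++];
    if (len & 0x80) {                              /* long form: 0x8n, then n length bytes */
        size_t n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > avail - i)
            return 0;                              /* indefinite, oversized or truncated */
        if (p[i] == 0)
            return 0;                              /* DER requires minimal encoding */
        len = 0;
        for (size_t k = 0; k < n; k++)
            len = (len << 8) | p[i++];
        if (len < 0x80)
            return 0;                              /* should have used the short form */
    }
    /* The check a parser must not skip: without it val[0..len) may lie
     * beyond the certificate buffer, and every consumer of the element
     * (extension lookup, counter parsing, ...) reads out of bounds. */
    if (len > avail - i)
        return 0;
    out->len = len;
    out->val = p + i;
    return i + len;
}

/* Walk the children of a top-level SEQUENCE. Returns the number of children,
 * or -1 if the input is not a well-formed, fully bounded SEQUENCE. */
int der_count_sequence_children(const uint8_t *buf, size_t n)
{
    struct der_tlv seq, child;
    size_t used = der_read_tlv(buf, n, &seq);

    if (used == 0 || seq.tag != 0x30 || used != n)
        return -1;                                 /* not a SEQUENCE, or trailing bytes */
    int count = 0;
    for (size_t off = 0; off < seq.len; ) {
        size_t c = der_read_tlv(seq.val + off, seq.len - off, &child);
        if (c == 0)
            return -1;                             /* child overruns its parent */
        off += c;
        count++;
    }
    return count;
}

/* Constructed inputs. */
static const uint8_t good_seq[] = {
    0x30, 0x08,                  /* SEQUENCE, 8 bytes of content */
    0x02, 0x01, 0x05,            /* INTEGER 5 */
    0x04, 0x03, 0xAA, 0xBB, 0xCC /* OCTET STRING of 3 bytes */
};
/* Same outer header, but the inner OCTET STRING claims 0x40 bytes it does not have. */
static const uint8_t overlong_child[] = {
    0x30, 0x08,
    0x02, 0x01, 0x05,
    0x04, 0x40, 0xAA, 0xBB, 0xCC
};

bool good_parses(void)       { return der_count_sequence_children(good_seq, sizeof good_seq) == 2; }
bool overlong_rejected(void) { return der_count_sequence_children(overlong_child, sizeof overlong_child) == -1; }

int main(void)
{
    printf("well-formed sequence parses: %d\n", good_parses());
    printf("overlong child rejected:     %d\n", overlong_rejected());
    return 0;
}
```

Every read is bounded by the `avail` of the enclosing element rather than by the buffer as a whole, so a child can never claim bytes that its parent does not own; that is the invariant a certificate parser needs before any extension or counter value is handed to code that trusts it.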

Vendors (2): Arm, Trustedfirmware
Products (2): Trusted Firmware A (two entries)
Updated: Jun 5, 2026
Published: Jan 30, 2019
CVSS: v4 N/A; v3 5.3 MEDIUM; v2 5.0 MEDIUM
Description: ARM Trusted Firmware-A allows information disclosure.

Vendors (2): Arm, Trustedfirmware
Products (2): Arm Trusted Firmware, Trusted Firmware A
Updated: Jun 5, 2026
Published: Dec 18, 2018
CVSS: v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM
Description: In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.

Vendors (2): Arm, Trustedfirmware
Products (2): Arm Trusted Firmware, Trusted Firmware A
Updated: Jun 5, 2026
Published: Sep 20, 2017
CVSS: v4 N/A; v3 7.0 HIGH; v2 5.1 MEDIUM
Description: The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
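The integer overflow named in the entry above is the classic case of a range check that adds a caller-controlled size to a base address before comparing, so that a large size wraps the sum past zero and the check passes. The following is an added illustrative example in C; it is not Trusted Firmware-A code, does not model the AArch32 image format, and does not reproduce the real bl1_plat_mem_check interface. The memory window constants, struct image_desc, and all function names are constructed for the example.

```c
/*
 * Added illustrative example, not Trusted Firmware-A code.
 * Shows how a range check on a caller-supplied (base, size) pair can be
 * bypassed through 32-bit wraparound, and how to check without wrapping.
 * SEC_MEM_BASE/SEC_MEM_LIMIT, struct image_desc and every function here
 * are constructed for the example and are not TF-A interfaces.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed secure-memory window that update images may be written to. */
#define SEC_MEM_BASE   0x04000000u
#define SEC_MEM_LIMIT  0x04100000u   /* exclusive end of the window */

/* Hypothetical descriptor for an image being copied block by block. */
struct image_desc {
    uint32_t base;        /* destination address supplied by the caller */
    uint32_t total_size;  /* image size announced by the caller */
    uint32_t copied;      /* bytes accepted so far across blocks */
};

/* Vulnerable: base + size is computed first and can wrap past zero, so a
 * huge size yields a small end address and the range appears to fit. */
bool range_ok_vulnerable(uint32_t base, uint32_t size)
{
    uint32_t end = base + size;                /* wraps for large size */
    return base >= SEC_MEM_BASE && end <= SEC_MEM_LIMIT;
}

/* Hardened: bound base first, then compare size against the room left in
 * the window; no addition that could wrap is performed. */
bool range_ok_hardened(uint32_t base, uint32_t size)
{
    if (size == 0 || base < SEC_MEM_BASE || base >= SEC_MEM_LIMIT)
        return false;
    return size <= SEC_MEM_LIMIT - base;       /* cannot underflow here */
}

/* Accept or reject one block of a multi-block copy. The naive per-block
 * test copied + block_size <= total_size has the same wrap hazard, so the
 * hardened path compares against the remaining byte count instead. */
bool fwu_copy_block(struct image_desc *d, uint32_t block_size, bool hardened)
{
    bool ok;

    if (hardened) {
        if (!range_ok_hardened(d->base, d->total_size))
            return false;
        /* copied <= total_size is an invariant of this path, so no wrap. */
        ok = block_size != 0 && block_size <= d->total_size - d->copied;
    } else {
        if (!range_ok_vulnerable(d->base, d->total_size))
            return false;
        ok = d->copied + block_size <= d->total_size;   /* can wrap */
    }
    if (ok)
        d->copied += block_size;
    return ok;
}

/* Drive both paths with the same crafted block sequence: a small first block
 * followed by a block whose size wraps the running total. Returns whether
 * the oversized second block was accepted. */
bool oversized_block_accepted(bool hardened)
{
    struct image_desc d = { .base = SEC_MEM_BASE, .total_size = 0x1000u, .copied = 0 };

    if (!fwu_copy_block(&d, 0x100u, hardened))
        return false;                          /* first block is legitimate */
    return fwu_copy_block(&d, 0xFFFFFFF0u, hardened);
}

int main(void)
{
    printf("range check, base=0xFFFFFF00 size=0x200: vulnerable=%d hardened=%d\n",
           range_ok_vulnerable(0xFFFFFF00u, 0x200u),
           range_ok_hardened(0xFFFFFF00u, 0x200u));
    printf("oversized block accepted: vulnerable=%d hardened=%d\n",
           oversized_block_accepted(false), oversized_block_accepted(true));
    return 0;
}
```

The hardened form never computes a sum that the attacker controls: it rejects a base outside the window first, then compares the size to the remaining distance to the limit, which is guaranteed not to underflow once the base check has passed. The same rule applies to the running total of a chunked copy, where the remainder, not the sum, is the safe quantity to compare.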

Vendors (2): Arm, Trustedfirmware
Products (2): Arm Trusted Firmware, Trusted Firmware A
Updated: Jun 8, 2026
Published: Jun 7, 2017
CVSS: v4 N/A; v3 7.5 HIGH; v2 5.0 MEDIUM
Description: In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.

Vendors (2): Arm, Trustedfirmware
Products (2): Arm Trusted Firmware, Trusted Firmware A
Updated: Jun 8, 2026
Published: Jun 7, 2017
CVSS: v4 N/A; v3 8.1 HIGH; v2 6.8 MEDIUM
Description: In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
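The "one bit versus two bits" in the entry above refers to the AArch64 stage-1 descriptor format: a translation regime with a single privilege level (EL3, or EL2 without VHE) has one execute-never bit, XN at bit 54, while the EL1&0 regime has two, UXN at bit 54 for EL0 and PXN at bit 53 for EL1. A page-table builder that sets only bit 54 therefore denies execution at EL3 but leaves the same memory executable at Secure EL1. The following is an added illustrative example in C; it is not Trusted Firmware-A's translation-table code. The MT_RO and MT_EXECUTE_NEVER flag values, the regime enumeration and the function names are constructed for the example, modelled on the MT_* naming the entry mentions.

```c
/*
 * Added illustrative example, not Trusted Firmware-A code. Models the
 * execute-never bits of an Armv8-A stage-1 page descriptor and shows why a
 * single-bit XN encoding that is correct for the EL3 regime is not enough
 * for the Secure EL1&0 regime. Flag values and helper names are constructed.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stage-1 level-3 page descriptor fields used here (VMSAv8-64). */
#define DESC_VALID      (1ULL << 0)
#define DESC_PAGE       (1ULL << 1)    /* marks a level-3 page descriptor */
#define DESC_AP_RO      (1ULL << 7)    /* AP[2]: read-only */
#define DESC_AF         (1ULL << 10)   /* access flag */
#define DESC_BIT53      (1ULL << 53)   /* PXN in the EL1&0 regime; RES0 in single-level regimes */
#define DESC_BIT54      (1ULL << 54)   /* UXN in the EL1&0 regime; XN in the EL3/EL2 regimes */
#define DESC_OA_MASK    0x0000FFFFFFFFF000ULL

enum regime { REGIME_EL3, REGIME_S_EL1_0 };

/* Constructed memory-type flags, modelled on MT_* naming; values are not TF-A's. */
#define MT_RO            (1u << 0)
#define MT_EXECUTE_NEVER (1u << 1)

/* Vulnerable builder: one execute-never bit whatever the regime. */
uint64_t build_page_desc_onebit(enum regime r, uint64_t pa, unsigned mt)
{
    (void)r;                                     /* regime ignored: the bug */
    uint64_t d = DESC_VALID | DESC_PAGE | DESC_AF | (pa & DESC_OA_MASK);
    if (mt & MT_RO)
        d |= DESC_AP_RO;
    if (mt & MT_EXECUTE_NEVER)
        d |= DESC_BIT54;                         /* XN at EL3, but only UXN at S-EL1&0 */
    return d;
}

/* Fixed builder: in the EL1&0 regime also set PXN so EL1 cannot execute. */
uint64_t build_page_desc_fixed(enum regime r, uint64_t pa, unsigned mt)
{
    uint64_t d = build_page_desc_onebit(r, pa, mt);
    if ((mt & MT_EXECUTE_NEVER) && r == REGIME_S_EL1_0)
        d |= DESC_BIT53;
    return d;
}

/* Can the privileged level of the regime (EL3, or S-EL1) fetch instructions
 * from a page with this descriptor? */
bool desc_executable_at_privileged(enum regime r, uint64_t d)
{
    if (!(d & DESC_VALID))
        return false;
    if (r == REGIME_S_EL1_0)
        return !(d & DESC_BIT53);                /* only PXN denies EL1 execution */
    return !(d & DESC_BIT54);                    /* single XN bit */
}

int main(void)
{
    const uint64_t pa = 0x80000000ULL;           /* constructed page address */
    unsigned ro_xn = MT_RO | MT_EXECUTE_NEVER;

    printf("one-bit encoding, EL3:    executable=%d\n",
           desc_executable_at_privileged(REGIME_EL3, build_page_desc_onebit(REGIME_EL3, pa, ro_xn)));
    printf("one-bit encoding, S-EL1:  executable=%d\n",
           desc_executable_at_privileged(REGIME_S_EL1_0, build_page_desc_onebit(REGIME_S_EL1_0, pa, ro_xn)));
    printf("two-bit encoding, S-EL1:  executable=%d\n",
           desc_executable_at_privileged(REGIME_S_EL1_0, build_page_desc_fixed(REGIME_S_EL1_0, pa, ro_xn)));
    return 0;
}
```

The check to carry into a real review is the one `desc_executable_at_privileged` encodes: for tables used at EL1, read-only memory is non-executable only when bit 53 is set, and an XN helper written for EL3 that touches bit 54 alone silently fails that test.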