Vulnerabilities > CVE-2021-35465 - Unspecified vulnerability in ARM products

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

arm

NVD

Published: 2021-08-23

Updated: 2022-07-12

Summary

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).

Vulnerable Configurations

Part	Description	Count
OS	Arm ARM Cortex M33 Firmware R0P0 ARM Cortex M33 Firmware R1P0 ARM Cortex M35P Firmware R0 ARM Cortex M55 Firmware R0P0 ARM Cortex M55 Firmware R1P0 ARM China Star MC1 Firmware -	6
Hardware	Arm ARM Cortex M33 - ARM Cortex M35P - ARM Cortex M55 - ARM China Star MC1 -	4

References

https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability
https://developer.arm.com/support/arm-security-updates