Vulnerabilities > CVE-2022-48251 - Information Exposure Through Discrepancy vulnerability in ARM products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

arm

CWE-203

NVD

Published: 2023-01-10

Updated: 2024-04-11

Summary

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

Vulnerable Configurations

Part	Description	Count
OS	Arm ARM Cortex A53 Firmware - ARM Cortex A55 Firmware - ARM Cortex A57 Firmware - ARM Cortex A72 Firmware - ARM Cortex A73 Firmware - ARM Cortex A75 Firmware - ARM Cortex A76 Firmware - ARM Cortex A76Ae Firmware - ARM Cortex A77 Firmware - ARM Cortex A78 Firmware -	10
Hardware	Arm ARM Cortex A53 - ARM Cortex A55 - ARM Cortex A57 - ARM Cortex A72 - ARM Cortex A73 - ARM Cortex A75 - ARM Cortex A76 - ARM Cortex A76Ae - ARM Cortex A77 - ARM Cortex A78 -	10

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References