Vulnerabilities > ARM > ARM Trusted Firmware > 0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-18 | CVE-2017-15031 | Information Exposure vulnerability in ARM Arm-Trusted-Firmware In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | 7.5 |
| 2017-09-20 | CVE-2017-9607 | Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | 7.0 |