Vulnerabilities > ARM > ARM Trusted Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-18 CVE-2017-15031 Information Exposure vulnerability in ARM Arm-Trusted-Firmware
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
network
low complexity
arm CWE-200
7.5
2017-09-20 CVE-2017-9607 Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
local
high complexity
arm CWE-190
7.0
2017-06-07 CVE-2017-7564 Improper Input Validation vulnerability in ARM Trusted Firmware
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
network
low complexity
arm CWE-20
7.5
2017-06-07 CVE-2017-7563 Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism.
network
high complexity
arm CWE-732
8.1