In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NTrustedfirmware Trusted Firmware A
OSTrustedfirmware≤ 2.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2022-47630HIGH7.4ten sam produkt
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. Th...
CVE-2017-9607HIGH7.0ten sam produkt
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data...
CVE-2017-7563HIGH8.1ten sam produkt
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypas...
CVE-2017-7564HIGH7.5ten sam produkt
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attac...
CVE-2023-31339MEDIUM4.8ten sam produkt
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a p...