Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:HTrustedfirmware Trusted Firmware A
OSTrustedfirmware1.2 – 2.8
Related vulnerabilities
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMC...
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data...
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypas...
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attac...
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a p...