Total: 7 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7563 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-08 | 6.8 MEDIUM | 8.1 HIGH |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
| CVE-2017-7564 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-08 | 5.0 MEDIUM | 7.5 HIGH |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | |||||
| CVE-2022-47630 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-05 | N/A | 7.4 HIGH |
| Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state. | |||||
| CVE-2018-19440 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| ARM Trusted Firmware-A allows information disclosure. | |||||
| CVE-2017-9607 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-05 | 5.1 MEDIUM | 7.0 HIGH |
| The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | |||||
| CVE-2023-31339 | 2 Amd, Trustedfirmware | 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more | 2026-06-05 | N/A | 4.8 MEDIUM |
| Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out-of-bounds reads, potentially resulting in data leakage and denial of service. | |||||
| CVE-2017-15031 | 1 Trustedfirmware | 1 Trusted Firmware-a | 2026-06-05 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | |||||
