Trusted Firmware A
Monthly
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
ARM Trusted Firmware-A allows information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.
ARM Trusted Firmware-A allows information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.