trusted_firmware-a

Vendor: trustedfirmware

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 0
Total RCEs (Remote Access): 0
Total CVEs (Total Indexed): 4
Avg. EPSS (Exploit Prob.): 0.43%
Latest CVE: CVE-2022-47630 (Jan 16)

Security Vulnerability Index

7.4 CVSS

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

EPSS: 0.58%
5.3 CVSS

ARM Trusted Firmware-A allows information disclosure.

EPSS: 0.23%
7.5 CVSS

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.

EPSS: 0.72%
7.0 CVSS

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.

EPSS: 0.19%