Integer Overflow in ARM Trusted Firmware Allows Unauthorized Memory Access
CVE-2017-9607

7 HIGH

Key Information:

Vendor

Arm

CVE Published:
20 September 2017

What is CVE-2017-9607?

An integer overflow vulnerability exists in the BL1 Firmware Update Secure Monitor Call (FWU SMC) handling code of ARM Trusted Firmware prior to version 1.4. This flaw may enable attackers to bypass the bl1_plat_mem_check protection mechanism, allowing unauthorized writing of arbitrary data to secure memory. Exploitation of this vulnerability could lead to denial of service scenarios or other undisclosed impacts through the deployment of a specially crafted AArch32 image.
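The bug class described above, an address range check defeated by integer overflow, shown next to an overflow-safe form. This is an added example, not ARM Trusted Firmware code: the function names, the region bounds and the use of 32-bit arithmetic are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bounds of a region that a caller-supplied image may occupy. */
#define NS_BASE  0x80000000u
#define NS_LIMIT 0xC0000000u /* exclusive end */

/* Overflow-prone (hypothetical): addr + size is computed modulo 2^32, so a
 * large size wraps the sum to a small value that passes the upper bound. */
bool range_ok_wrapping(uint32_t addr, uint32_t size)
{
    uint32_t end = addr + size; /* may wrap */
    return addr >= NS_BASE && end <= NS_LIMIT;
}

/* Overflow-safe (hypothetical): validate addr first, then compare size with
 * the space left in the region. NS_LIMIT - addr cannot wrap once
 * addr <= NS_LIMIT has been established. */
bool range_ok_safe(uint32_t addr, uint32_t size)
{
    if (addr < NS_BASE || addr > NS_LIMIT)
        return false;
    return size <= NS_LIMIT - addr;
}

int main(void)
{
    /* Constructed (addr, size) pairs; the second one wraps. */
    static const uint32_t cases[][2] = {
        { 0x80000000u, 0x00001000u }, /* inside the region */
        { 0x80001000u, 0xFFFFF000u }, /* addr + size wraps to 0x80000000 */
        { 0xBFFFF000u, 0x00001000u }, /* ends exactly at the limit */
        { 0xBFFFF000u, 0x00001001u }, /* one byte past the limit */
        { 0x7FFFF000u, 0x00001000u }, /* starts below the region */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("addr=0x%08x size=0x%08x wrapping=%d safe=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               range_ok_wrapping(cases[i][0], cases[i][1]),
               range_ok_safe(cases[i][0], cases[i][1]));
    return 0;
}
```

Only the wrapping pair is treated differently by the two checks: the first accepts it, the second rejects it.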

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
