Integer Overflow in ARM Trusted Firmware Allows Unauthorized Memory Access
CVE-2017-9607

7HIGH

Key Information:

Vendor: Arm
Status: Arm-trusted-firmware
Vendor: CVE Published:; 20 September 2017

Summary

An integer overflow vulnerability exists in the BL1 Firmware Update Secure Monitor Call (FWU SMC) handling code of ARM Trusted Firmware prior to version 1.4. This flaw may enable attackers to bypass the bl1_plat_mem_check protection mechanism, allowing unauthorized writing of arbitrary data to secure memory. Exploitation of this vulnerability could lead to denial of service scenarios or other undisclosed impacts through the deployment of a specially crafted AArch32 image.

References

https://github.com/ARM-software/arm-trusted-firmware/blob...

x_refsource_CONFIRM

https://github.com/ARM-software/arm-trusted-firmware/wiki...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2017
Vulnerability Reserved
Jun 13, 2017