CVE-2017-9607

7HIGH

Key Information:

Vendor: Arm
Status: Arm-trusted-firmware
Vendor: CVE Published:; 20 September 2017

Summary

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.

References

https://github.com/ARM-software/arm-trusted-firmware/blob...

x_refsource_CONFIRM

https://github.com/ARM-software/arm-trusted-firmware/wiki...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2017
Vulnerability Reserved
Jun 13, 2017