Out-of-bounds Read Vulnerability in Trusted Firmware-A X.509 Parser
CVE-2022-47630

7.4HIGH

Key Information:

Vendor: Arm
Status: Trusted Firmware-a
Vendor: CVE Published:; 16 January 2023

Summary

An out-of-bounds read vulnerability exists in Trusted Firmware-A versions prior to 2.8 within the X.509 parser responsible for interpreting boot certificates. This weakness could allow attackers to exploit side effects from dangerous reads or potentially extract sensitive information related to the microarchitectural state. Safeguarding against this issue is crucial for maintaining the integrity and confidentiality of systems utilizing this firmware.

References

https://www.trustedfirmware.org/news/

https://trustedfirmware-a.readthedocs.io/en/latest/securi...

http://www.openwall.com/lists/oss-security/2023/01/16/8

mailing-list

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2023
Vulnerability Reserved
Dec 20, 2022