Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/01/16/8 | Mailing List Patch Third Party Advisory |
https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html | Patch Vendor Advisory |
https://www.trustedfirmware.org/news/ | Vendor Advisory |
Configurations
History
24 Jan 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:arm:trusted_firmware-a:*:*:*:*:*:*:*:* | |
CWE | CWE-125 | |
First Time |
Arm
Arm trusted Firmware-a |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
References | (MISC) https://www.trustedfirmware.org/news/ - Vendor Advisory | |
References | (CONFIRM) https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html - Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/01/16/8 - Mailing List, Patch, Third Party Advisory |
16 Jan 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jan 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-16 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-47630
Mitre link : CVE-2022-47630
CVE.ORG link : CVE-2022-47630
JSON object : View
Products Affected
arm
- trusted_firmware-a
CWE
CWE-125
Out-of-bounds Read