Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-35465

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/08/2021
Last modified:
12/07/2022

Description

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 3.40 LOW
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Base Score 3.x
3.40
Severity 3.x
LOW
Vector 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:N CVSS v2.0 Severity and Metrics:

Base Score: 3.60 LOW
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): None

Base Score 2.0
3.60
Severity 2.0
LOW

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:arm:cortex-m33_firmware:*:*:*:*:*:*:*:* r0p0 (including) r1p0 (including)
cpe:2.3:h:arm:cortex-m33:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:cortex-m35p_firmware:r0:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-m35p:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:cortex-m55_firmware:*:*:*:*:*:*:*:* r0p0 (including) r1p0 (including)
cpe:2.3:h:arm:cortex-m55:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:china_star-mc1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:china_star-mc1:-:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools