{"url":"http://public2.vulnerablecode.io/api/packages/88438?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.8.0%2Bdfsg-1?distro=trixie","type":"deb","namespace":"debian","name":"arm-trusted-firmware","version":"2.8.0+dfsg-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.9.0+dfsg-3","latest_non_vulnerable_version":"2.12.1+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58781?format=json","vulnerability_id":"VCID-2vpe-xgdz-x3bs","summary":"Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47630","reference_id":"","reference_type":"","scores":[{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69244","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69283","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69292","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69267","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00579","scoring_system":"epss","scoring_elements":"0.69287","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-47630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/01/16/8","reference_id":"8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:25:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/01/16/8"},{"reference_url":"https://www.trustedfirmware.org/news/","reference_id":"news","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:25:45Z/"}],"url":"https://www.trustedfirmware.org/news/"},{"reference_url":"https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html","reference_id":"security-advisory-tfv-10.html","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:25:45Z/"}],"url":"https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88440?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.9.0%2Bdfsg-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.9.0%252Bdfsg-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-47630"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2vpe-xgdz-x3bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58790?format=json","vulnerability_id":"VCID-45e7-wa2x-gyhz","summary":"An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7881","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31155","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31087","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3111","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31188","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31119","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7881"},{"reference_url":"https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881","reference_id":"Arm%20CPU%20Vulnerability%20CVE-2024-7881","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T17:06:36Z/"}],"url":"https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-7881"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45e7-wa2x-gyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58785?format=json","vulnerability_id":"VCID-8gvg-sbmg-6bbd","summary":"Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5660","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33338","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33268","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.3329","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33322","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33302","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5660"},{"reference_url":"https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660","reference_id":"Arm%20CPU%20Vulnerability%20CVE-2024-5660","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-10T21:25:35Z/"}],"url":"https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-5660"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gvg-sbmg-6bbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58782?format=json","vulnerability_id":"VCID-b24t-16gk-cfdy","summary":"Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49100","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03608","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03599","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03623","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03631","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49100"},{"reference_url":"https://github.com/ARM-software/arm-trusted-firmware/blob/a05414bedc9b1cc35cf0795ce641b6b4db5bc97e/services/std_svc/sdei/sdei_main.c#L708","reference_id":"sdei_main.c#L708","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:25:46Z/"}],"url":"https://github.com/ARM-software/arm-trusted-firmware/blob/a05414bedc9b1cc35cf0795ce641b6b4db5bc97e/services/std_svc/sdei/sdei_main.c#L708"},{"reference_url":"https://github.com/ARM-software/arm-trusted-firmware/blob/a05414bedc9b1cc35cf0795ce641b6b4db5bc97e/services/std_svc/sdei/sdei_main.c#L714","reference_id":"sdei_main.c#L714","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:25:46Z/"}],"url":"https://github.com/ARM-software/arm-trusted-firmware/blob/a05414bedc9b1cc35cf0795ce641b6b4db5bc97e/services/std_svc/sdei/sdei_main.c#L714"},{"reference_url":"https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-11.html","reference_id":"security-advisory-tfv-11.html","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T18:25:46Z/"}],"url":"https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-11.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88441?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.10.0%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.10.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-49100"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b24t-16gk-cfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58788?format=json","vulnerability_id":"VCID-hp89-2gyr-5bf2","summary":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .     In line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6563","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26113","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26217","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26209","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26163","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26107","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6563"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6563","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6563"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076042","reference_id":"1076042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076042"},{"reference_url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164","reference_id":"235f85b654a031f7647e81b86fc8e4ffeb430164","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-08T15:29:36Z/"}],"url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/235f85b654a031f7647e81b86fc8e4ffeb430164"},{"reference_url":"https://asrg.io/security-advisories/cve-2024-6563/","reference_id":"cve-2024-6563","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-08T15:29:36Z/"}],"url":"https://asrg.io/security-advisories/cve-2024-6563/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88443?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.0%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.0%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-6563"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp89-2gyr-5bf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58789?format=json","vulnerability_id":"VCID-sz11-h94r-u3e1","summary":"Buffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6564","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05344","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05368","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6564"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076042","reference_id":"1076042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076042"},{"reference_url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2","reference_id":"c9fb3558410032d2660c7f3b7d4b87dec09fe2f2","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:14:13Z/"}],"url":"https://github.com/renesas-rcar/arm-trusted-firmware/commit/c9fb3558410032d2660c7f3b7d4b87dec09fe2f2"},{"reference_url":"https://asrg.io/security-advisories/cve-2024-6564/","reference_id":"cve-2024-6564","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-09T15:14:13Z/"}],"url":"https://asrg.io/security-advisories/cve-2024-6564/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88443?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.0%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.0%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-6564"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz11-h94r-u3e1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58783?format=json","vulnerability_id":"VCID-18hz-e36n-tfb2","summary":"An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51712","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30908","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35433","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35457","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35415","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51712"},{"reference_url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html","reference_id":"debug_log_vulnerability.html","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T22:20:34Z/"}],"url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html"},{"reference_url":"https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/","reference_id":"trusted-firmware-m.git","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T22:20:34Z/"}],"url":"https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88442?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88437?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.4%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.4%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88438?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.8.0%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.8.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2023-51712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18hz-e36n-tfb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58784?format=json","vulnerability_id":"VCID-dr22-zmhq-skbn","summary":"An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45746","reference_id":"","reference_type":"","scores":[{"value":"0.08901","scoring_system":"epss","scoring_elements":"0.92733","published_at":"2026-06-09T12:55:00Z"},{"value":"0.08901","scoring_system":"epss","scoring_elements":"0.92727","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08901","scoring_system":"epss","scoring_elements":"0.92722","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08901","scoring_system":"epss","scoring_elements":"0.92717","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08901","scoring_system":"epss","scoring_elements":"0.92715","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45746"},{"reference_url":"https://www.trustedfirmware.org/projects/tf-m/","reference_id":"tf-m","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T17:09:43Z/"}],"url":"https://www.trustedfirmware.org/projects/tf-m/"},{"reference_url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html","reference_id":"user_pointers_mailbox_vectors_vulnerability.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T17:09:43Z/"}],"url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/user_pointers_mailbox_vectors_vulnerability.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88442?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88437?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.4%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.4%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88438?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.8.0%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.8.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2024-45746"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dr22-zmhq-skbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58791?format=json","vulnerability_id":"VCID-wupp-f76z-xfb7","summary":"TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value (TLV) structure for dependent components against the maximum allowed size. If the length specified in the TLV exceeds the size of the buffer allocated on the stack, the FWU module will overwrite the buffer (and potentially other stack data) with the TLV's value content. An attacker could exploit this by crafting a malicious TLV entry in the unprotected section of the MCUBoot upgrade image. By setting the length field to exceed the expected structure size, the attacker can manipulate the stack memory of the system during the upgrade process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53022","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59649","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59677","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59674","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53022"},{"reference_url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/fwu_tlv_payload_out_of_bounds_vulnerability.html","reference_id":"fwu_tlv_payload_out_of_bounds_vulnerability.html","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:50:00Z/"}],"url":"https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/fwu_tlv_payload_out_of_bounds_vulnerability.html"},{"reference_url":"https://www.trustedfirmware.org/projects/tf-m/","reference_id":"tf-m","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:50:00Z/"}],"url":"https://www.trustedfirmware.org/projects/tf-m/"},{"reference_url":"https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/heads/main/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c#257","reference_id":"tfm_mcuboot_fwu.c#257","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T19:50:00Z/"}],"url":"https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/heads/main/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c#257"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/88442?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88437?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.4%2Bdfsg-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.4%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88438?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.8.0%2Bdfsg-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vpe-xgdz-x3bs"},{"vulnerability":"VCID-45e7-wa2x-gyhz"},{"vulnerability":"VCID-8gvg-sbmg-6bbd"},{"vulnerability":"VCID-b24t-16gk-cfdy"},{"vulnerability":"VCID-hp89-2gyr-5bf2"},{"vulnerability":"VCID-sz11-h94r-u3e1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.8.0%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/88439?format=json","purl":"pkg:deb/debian/arm-trusted-firmware@2.12.1%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.12.1%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53022"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wupp-f76z-xfb7"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/arm-trusted-firmware@2.8.0%252Bdfsg-1%3Fdistro=trixie"}