CVE-2022-47630

Description

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

Related CPE's

aarmtrusted_firmware-a********

References

https://www.trustedfirmware.org/news/

Vendor Advisory

https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html

PatchVendor Advisory

[oss-security] 20230116 CVE-2022-47630 Trusted Firmware-A - Out-of-bounds read in X.509 parser

Mailing ListPatchThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io