CVE-2016-10319

Name of the Vulnerable Software and Affected Versions ARM Trusted Firmware versions 1.2 through 1.3

Description The issue arises from a malformed firmware update SMC that can cause integer overflows, leading to the copying of unexpectedly large data into secure memory. This occurs in specific scenarios involving the execution of AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.

Recommendations For ARM Trusted Firmware versions 1.2 through 1.3, as a temporary workaround, consider restricting the execution of firmware update code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.