CVE-2018-18068

Name of the Vulnerable Software and Affected Versions Raspberry Pi 3 module B+ (affected versions not specified)

Description The issue concerns the ARM-based hardware debugging feature, which allows non-secure EL1 code to access and modify EL3 memory and registers. This is achieved through inter-processor debugging, where a debug host processor can halt a debug target processor and elevate its privilege level. As a result, the debug host gains full control over the target processor, enabling it to read and write any EL3 memory or register. This access also allows the execution of arbitrary code in EL3.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.