PT-2017-17801 · Arm · Arm Trusted Firmware
Published
2017-06-07
·
Updated
2026-06-08
·
CVE-2017-7563
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ARM Trusted Firmware version 1.3
Description
The issue in ARM Trusted Firmware allows attackers to bypass the MT EXECUTE NEVER protection mechanism because RO memory is always executable at AArch64 Secure EL1. This is due to an inconsistency in the number of execute-never bits.
Recommendations
For ARM Trusted Firmware version 1.3, consider disabling or restricting access to the execute-never bits mechanism as a temporary workaround until a patch is available.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arm Trusted Firmware