CVE-2017-15031

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ARM Trusted Firmware versions prior to v1.5

Description: The issue concerns the potential leak of secure world timing information due to the PMCR EL0 register not being initialized or saved/restored properly.

Recommendations: For ARM Trusted Firmware versions prior to v1.5, ensure proper initialization and saving/restoring of the PMCR EL0 register to prevent secure world timing information leakage.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-15031

Affected Products

Arm Trusted Firmware

CVE-2017-15031

Weakness Enumeration

Related Identifiers

Affected Products

References · 5