PT-2021-16606 · Rkp · Rkp

Hard

Published

2021-06-11

Updated

2021-06-16

CVE-2021-25415

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: RKP prior to SMR JUN-2021 Release 1

Description: An improper address validation in RKP allows local attackers to remap EL2 memory as writable, assuming EL1 is compromised. This issue enables attackers to potentially escalate privileges or execute malicious code.

Recommendations: For RKP prior to SMR JUN-2021 Release 1, update to SMR JUN-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive memory regions to minimize the risk of exploitation.

Fix

Code Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-20

Related Identifiers

CVE-2021-25415

Affected Products

Rkp

PT-2021-16606 · Rkp · Rkp

CVE-2021-25415

Weakness Enumeration

Related Identifiers

Affected Products

References · 4