CVE-2024-7881

EPSS 0.04%
Veröffentlicht 28.01.2025 15:15:12
Zuletzt bearbeitet 18.12.2025 15:36:35
Quelle arm-security@arm.com
CVE-Watchlists
Login
Unerledigt
Login

An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents as an address that is also dereferenced.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ C1-premium Firmware Version-

Arm ≫ C1-premium Version-

Arm ≫ C1-pro Firmware Version-

Arm ≫ C1-pro Version-

Arm ≫ C1-ultra Firmware Version-

Arm ≫ C1-ultra Version-

Arm ≫ Cortex-x3 Firmware Version-

Arm ≫ Cortex-x3 Version-

Arm ≫ Cortex-x4 Firmware Version-

Arm ≫ Cortex-x4 Version-

Arm ≫ Cortex-x925 Firmware Version-

Arm ≫ Cortex-x925 Version-

Arm ≫ Neoverse-v2 Firmware Version-

Arm ≫ Neoverse-v2 Version-

Arm ≫ Neoverse-v3 Firmware Version-

Arm ≫ Neoverse-v3 Version-

Arm ≫ Neoverse-v3ae Firmware Version-

Arm ≫ Neoverse-v3ae Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.1	2.5	2.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7881

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7881

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7881

EUVD