7.9

CVE-2025-0647

In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArmC1-ultra Firmware Version-
   ArmC1-ultra Version-
ArmC1-premium Firmware Version-
   ArmC1-premium Version-
ArmCortex-a710 Firmware Version-
   ArmCortex-a710 Version-
ArmCortex-x2 Firmware Version-
   ArmCortex-x2 Version-
ArmCortex-x3 Firmware Version-
   ArmCortex-x3 Version-
ArmCortex-x4 Firmware Version-
   ArmCortex-x4 Version-
ArmCortex-x925 Firmware Version-
   ArmCortex-x925 Version-
ArmNeoverse-v2 Firmware Version-
   ArmNeoverse-v2 Version-
ArmNeoverse-v3 Firmware Version-
   ArmNeoverse-v3 Version-
ArmNeoverse-v3ae Firmware Version-
   ArmNeoverse-v3ae Version-
ArmNeoverse-n2 Firmware Version-
   ArmNeoverse-n2 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.9 1.5 5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE-226 Sensitive Information in Resource Not Removed Before Reuse

The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.