Vulnerability Description
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Arm-Trusted-Firmware | <= 1.3 |
Related Weaknesses (CWE)
References
- https://github.com/ARM-software/arm-trusted-firmware/blob/v1.4/docs/change-log.rIssue TrackingPatchRelease Notes
- https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-SIssue TrackingPatchThird Party Advisory
- https://github.com/ARM-software/arm-trusted-firmware/blob/v1.4/docs/change-log.rIssue TrackingPatchRelease Notes
- https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-SIssue TrackingPatchThird Party Advisory
FAQ
What is CVE-2017-9607?
CVE-2017-9607 is a vulnerability with a CVSS score of 7.0 (HIGH). The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of s...
How severe is CVE-2017-9607?
CVE-2017-9607 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9607?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Arm-Trusted-Firmware.