Vulnerability Description
The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Raspberrypi | Raspberry Pi 3 Model B\+ Firmware | - |
| Raspberrypi | Raspberry Pi 3 Model B\+ | - |
Related Weaknesses (CWE)
References
- http://www.cs.wayne.edu/fengwei/paper/nailgun-sp19.pdfExploitTechnical DescriptionThird Party Advisory
- https://www.computer.org/csdl/proceedings-article/sp/2019/666000b157/17D45WHONhvThird Party Advisory
- http://www.cs.wayne.edu/fengwei/paper/nailgun-sp19.pdfExploitTechnical DescriptionThird Party Advisory
- https://www.computer.org/csdl/proceedings-article/sp/2019/666000b157/17D45WHONhvThird Party Advisory
FAQ
What is CVE-2018-18068?
CVE-2018-18068 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register ...
How severe is CVE-2018-18068?
CVE-2018-18068 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-18068?
Check the references section above for vendor advisories and patch information. Affected products include: Raspberrypi Raspberry Pi 3 Model B\+ Firmware, Raspberrypi Raspberry Pi 3 Model B\+.