Vulnerability Description
Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Cortex-M33 Firmware | >= r0p0, <= r1p0 |
| Arm | Cortex-M33 | - |
| Arm | Cortex-M35P Firmware | r0 |
| Arm | Cortex-M35P | - |
| Arm | Cortex-M55 Firmware | >= r0p0, <= r1p0 |
| Arm | Cortex-M55 | - |
| Arm | China Star-Mc1 Firmware | - |
| Arm | China Star-Mc1 | - |
References
- https://developer.arm.com/support/arm-security-updatesVendor Advisory
- https://developer.arm.com/support/arm-security-updates/vlldm-instruction-securitVendor Advisory
- https://developer.arm.com/support/arm-security-updatesVendor Advisory
- https://developer.arm.com/support/arm-security-updates/vlldm-instruction-securitVendor Advisory
FAQ
What is CVE-2021-35465?
CVE-2021-35465 is a vulnerability with a CVSS score of 3.4 (LOW). Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This af...
How severe is CVE-2021-35465?
CVE-2021-35465 has been rated LOW with a CVSS base score of 3.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35465?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Cortex-M33 Firmware, Arm Cortex-M33, Arm Cortex-M35P Firmware, Arm Cortex-M35P, Arm Cortex-M55 Firmware.