Vulnerability Description
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arm | Cortex-A53 Firmware | - |
| Arm | Cortex-A53 | - |
| Arm | Cortex-A55 Firmware | - |
| Arm | Cortex-A55 | - |
| Arm | Cortex-A57 Firmware | - |
| Arm | Cortex-A57 | - |
| Arm | Cortex-A72 Firmware | - |
| Arm | Cortex-A72 | - |
| Arm | Cortex-A73 Firmware | - |
| Arm | Cortex-A73 | - |
| Arm | Cortex-A75 Firmware | - |
| Arm | Cortex-A75 | - |
| Arm | Cortex-A76 Firmware | - |
| Arm | Cortex-A76 | - |
| Arm | Cortex-A76Ae Firmware | - |
| Arm | Cortex-A76Ae | - |
| Arm | Cortex-A77 Firmware | - |
| Arm | Cortex-A77 | - |
| Arm | Cortex-A78 Firmware | - |
| Arm | Cortex-A78 | - |
Related Weaknesses (CWE)
References
- https://eprint.iacr.org/2022/230Technical DescriptionThird Party Advisory
- https://eshard.com/posts/sca-attacks-on-armv8ExploitThird Party Advisory
- https://eprint.iacr.org/2022/230Technical DescriptionThird Party Advisory
- https://eshard.com/posts/sca-attacks-on-armv8ExploitThird Party Advisory
FAQ
What is CVE-2022-48251?
CVE-2022-48251 is a vulnerability with a CVSS score of 7.5 (HIGH). The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel...
How severe is CVE-2022-48251?
CVE-2022-48251 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48251?
Check the references section above for vendor advisories and patch information. Affected products include: Arm Cortex-A53 Firmware, Arm Cortex-A53, Arm Cortex-A55 Firmware, Arm Cortex-A55, Arm Cortex-A57 Firmware.