Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-35465

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).

Published

2021-08-23T13:15:07.667

Last Modified

2024-11-21T06:12:20.060

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.4 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	arm	cortex-m33_firmware	≤ r1p0	Yes
Hardware	arm	cortex-m33	-	No
Operating System	arm	cortex-m35p_firmware	r0	Yes
Hardware	arm	cortex-m35p	-	No
Operating System	arm	cortex-m55_firmware	≤ r1p0	Yes
Hardware	arm	cortex-m55	-	No
Operating System	arm	china_star-mc1_firmware	-	Yes
Hardware	arm	china_star-mc1	-	No

References

https://developer.arm.com/support/arm-security-updates Vendor Advisory ([email protected])
https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability Vendor Advisory ([email protected])
https://developer.arm.com/support/arm-security-updates Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)