CVE-2022-47630

CVSS V2 None CVSS V3 None
Description
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
Overview
  • CVE ID
  • CVE-2022-47630
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-16T16:15:10
  • Last Modified Date
  • 2023-01-24T14:15:00
Weakness Enumerations
CWE URL
CWE-125 http://cwe.mitre.org/data/definitions/125.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:arm:trusted_firmware-a:*:*:*:*:*:*:*:* 1 OR 1.2 2.8
References
Reference URL Reference Tags
http://www.openwall.com/lists/oss-security/2023/01/16/8
https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-10.html
https://www.trustedfirmware.org/news/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-47630
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47630
History
Created Old Value New Value Data Type Notes
2023-01-16 16:16:56 Added to TrackCVE
2023-01-16 20:15:24 2023-01-16T19:15:10 CVE Modified Date updated
2023-01-16 20:15:24 References updated
2023-01-17 14:15:09 2023-01-17T13:24:41 CVE Modified Date updated
2023-01-17 14:15:09 Received Awaiting Analysis Vulnerability Status updated
2023-01-23 15:14:04 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-24 16:14:30 2023-01-24T14:15:00 CVE Modified Date updated
2023-01-24 16:14:30 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-24 16:14:32 Weakness Enumeration new
2023-01-24 16:14:34 CPE Information updated