Main Vulnerability Database SB2025020337

SB2025020337 - Security restrictions bypass in Arm-based CPUs

Published: February 3, 2025

Security Bulletin ID SB2025020337

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2024-5660)

The vulnerability allows a malicious guest to compromise the hypervisor.

The vulnerability exists due to incorrect memory address translation when Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime. A malicious guest can bypass Stage-2 translation and/or GPT protection and compromise the host in certain hypervisor environments.

Remediation

Install update from vendor's website.

References

https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660

Vulnerable Software

Cortex-A77: All versions
Cortex-A78: All versions
Cortex-A78C: All versions
Cortex-A78AE: All versions
Cortex-A710: All versions
Cortex-X1: All versions
Cortex-X1C: All versions
Cortex-X2: All versions
Cortex-X3: All versions
Cortex-X4: All versions
Cortex-X925: All versions
Neoverse V1: All versions
Neoverse V2: All versions
Neoverse V3: All versions
Neoverse V3AE: All versions
Neoverse N2: All versions

SB2025020337 - Security restrictions bypass in Arm-based CPUs

Breakdown by Severity

Description

Remediation

References

Please verify you're human