Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-5660 |
CWE-ID | CWE-254 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 (all: Hardware solutions / Firmware) |
Vendor | ARM |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU103509
Risk: High
CVSSv4.0: 6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber]
CVE-ID: CVE-2024-5660
CWE-ID: CWE-254 - Security Features
Exploit availability: No
Description
The vulnerability allows a malicious guest to compromise the hypervisor.
The vulnerability exists due to incorrect memory address translation when Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime. A malicious guest can bypass Stage-2 translation and/or GPT protection and compromise the host in certain hypervisor environments.
Mitigation
The vendor recommends disabling page aggregation by setting CPUECTLR_EL1[46] to 1.
Cortex-A77: All versions
Cortex-A78: All versions
Cortex-A78C: All versions
Cortex-A78AE: All versions
Cortex-A710: All versions
Cortex-X1: All versions
Cortex-X1C: All versions
Cortex-X2: All versions
Cortex-X3: All versions
Cortex-X4: All versions
Cortex-X925: All versions
Neoverse V1: All versions
Neoverse V2: All versions
Neoverse V3: All versions
Neoverse V3AE: All versions
Neoverse N2: All versions
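To find which Linux hosts run one of the cores listed above, the following added example (not part of the vendor advisory or of this bulletin) matches `/proc/cpuinfo` against the cores' MIDR part numbers as defined in the Linux kernel's arm64 `cputype.h`. The function names and the sample text are constructed for illustration; CPUECTLR_EL1 is not readable from user space, so `hpa_disabled` assumes a register value captured from a firmware or hypervisor dump.

```python
import re

# MIDR_EL1 part numbers (implementer 0x41 = Arm) for the cores this bulletin
# lists, as defined in the Linux kernel's arch/arm64/include/asm/cputype.h.
AFFECTED_PARTS = {
    0xD0D: "Cortex-A77", 0xD41: "Cortex-A78", 0xD4B: "Cortex-A78C",
    0xD42: "Cortex-A78AE", 0xD47: "Cortex-A710", 0xD44: "Cortex-X1",
    0xD4C: "Cortex-X1C", 0xD48: "Cortex-X2", 0xD4E: "Cortex-X3",
    0xD82: "Cortex-X4", 0xD85: "Cortex-X925", 0xD40: "Neoverse V1",
    0xD4F: "Neoverse V2", 0xD84: "Neoverse V3", 0xD83: "Neoverse V3AE",
    0xD49: "Neoverse N2",
}
ARM_IMPLEMENTER = 0x41
HPA_DISABLE_BIT = 46  # CPUECTLR_EL1[46] = 1 disables page aggregation


def affected_cores(cpuinfo_text):
    """Return {logical_cpu: core_name} for cores listed in the bulletin."""
    hits = {}
    # /proc/cpuinfo separates per-CPU stanzas with a blank line.
    for stanza in re.split(r"\n\s*\n", cpuinfo_text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        try:
            cpu = int(fields["processor"])
            impl = int(fields["CPU implementer"], 16)
            part = int(fields["CPU part"], 16)
        except (KeyError, ValueError):
            continue  # stanza without usable MIDR fields
        if impl == ARM_IMPLEMENTER and part in AFFECTED_PARTS:
            hits[cpu] = AFFECTED_PARTS[part]
    return hits


def hpa_disabled(cpuectlr_el1):
    """True if the mitigation bit is set in a captured CPUECTLR_EL1 value."""
    return bool((cpuectlr_el1 >> HPA_DISABLE_BIT) & 1)


# Constructed sample: Cortex-A55 (0xd05, not listed), Cortex-A78, Cortex-X1.
SAMPLE_CPUINFO = (
    "processor\t: 0\nCPU implementer\t: 0x41\nCPU part\t: 0xd05\n\n"
    "processor\t: 1\nCPU implementer\t: 0x41\nCPU part\t: 0xd41\n\n"
    "processor\t: 2\nCPU implementer\t: 0x41\nCPU part\t: 0xd44\n"
)
```

On a real host, pass the contents of `/proc/cpuinfo` to `affected_cores`; any core it reports needs firmware that sets the mitigation bit.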
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.