FKIE_CVE-2024-5660

Vulnerability from fkie_nvd - Published: 2024-12-10 14:30 - Updated: 2026-01-05 14:44
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.
References
arm-security@arm.comhttps://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660Vendor Advisory
Impacted products
Vendor Product Version
arm cortex-a710_firmware -
arm cortex-a710 -
arm cortex-a77_firmware -
arm cortex-a77 -
arm cortex-a78_firmware -
arm cortex-a78 -
arm cortex-a78ae_firmware -
arm cortex-a78ae -
arm cortex-a78c_firmware -
arm cortex-a78c -
arm cortex-x1_firmware -
arm cortex-x1 -
arm cortex-x1c_firmware -
arm cortex-x1c -
arm cortex-x2_firmware -
arm cortex-x2 -
arm cortex-x3_firmware -
arm cortex-x3 -
arm cortex-x4_firmware -
arm cortex-x4 -
arm cortex-x925_firmware -
arm cortex-x925 -
arm neoverse_n2_firmware -
arm neoverse_n2 -
arm neoverse-v1_firmware -
arm neoverse-v1 -
arm neoverse-v2_firmware -
arm neoverse-v2 -
arm neoverse-v3_firmware -
arm neoverse-v3 -
arm neoverse-v3ae_firmware -
arm neoverse-v3ae -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0B159B3-65DD-4914-A4A4-EF342A3BAEB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a78c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6194A1A7-A29D-4ECC-8D6D-02C17D49851E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x1c_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77394F8B-97DF-425C-923C-26C829ED5C14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x1c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BE97A9-218A-498F-8F41-23F31DC9FF72",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E776B4A0-0642-489C-B03B-F6B9FFDFFD11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "979779A2-D556-4EF5-932D-F38009186B91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x4_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F8394E0-E173-41B5-B13D-6F45947D46E6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63E0897F-9D56-4835-8C12-B3758CF38F96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:cortex-x925_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2C4EC2-711A-407A-A8F4-7E7134B4F06E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-x925:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CE6CA3-E32E-4892-A7DB-D4A879956320",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-v2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E7E713-E11C-45CB-83E7-C21F57720A55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DF8B63B-C2E7-4C97-BA5C-79E2278F0C52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-v3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E84400-B02D-4B8D-9179-5428D38641CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC574FE-7462-4E50-AE4A-5204C339C1F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arm:neoverse-v3ae_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CDE1B2-393F-4D2A-B872-3317B26D06B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:neoverse-v3ae:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66BD33A8-6D01-4A63-B81E-E974CDFAD04A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection."
    },
    {
      "lang": "es",
      "value": "El uso de agregaci\u00f3n de p\u00e1ginas de hardware (HPA) y traducci\u00f3n de etapa 1 y/o etapa 2 en A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 y Travis puede permitir la omisi\u00f3n de la traducci\u00f3n de etapa 2 y/o la protecci\u00f3n GPT."
    }
  ],
  "id": "CVE-2024-5660",
  "lastModified": "2026-01-05T14:44:15.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-10T14:30:47.963",
  "references": [
    {
      "source": "arm-security@arm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"
    }
  ],
  "sourceIdentifier": "arm-security@arm.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "arm-security@arm.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.