CVE-2022-48251

Опубликовано: 10 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

Ссылки

https://eprint.iacr.org/2022/230
Technical Description
Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8
Exploit
Third Party Advisory
https://eprint.iacr.org/2022/230
Technical Description
Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:arm:cortex-a55_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a55:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00372

Низкий

7.5 High

CVSS3

Дефекты

CWE-203

Связанные уязвимости

GHSA-x75h-jr86-mj5x

CVSS3: 7.5

github

около 3 лет назад

** DISPUTED ** The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

EPSS

Процентиль: 58%

0.00372

Низкий

7.5 High

CVSS3

Дефекты

CWE-203