CVE-2021-35465

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.4 LOW
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
armcortex-m33_firmware
r0p0 ≤
𝑥
≤ r1p0
armcortex-m55_firmware
r0p0 ≤
𝑥
≤ r1p0
armchina_star-mc1_firmware
-
𝑥
= Vulnerable software versions
References
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability