Protection Mechanism Failure in Arm Cortex-A72, Cortex-A73 and Cortex-A75
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-10929 |
| CWE-ID | CWE-693 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Cortex-A72 Hardware solutions / Firmware Cortex-A73 Hardware solutions / Firmware Cortex-A75 Hardware solutions / Firmware |
| Vendor | ARM |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Protection Mechanism Failure
EUVDB-ID: #VU107447
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-10929
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local attacker can gain a weak form of control over the victim's branch history.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCortex-A72: All versions
Cortex-A73: All versions
Cortex-A75: All versions
CPE2.3- cpe:2.3:h:arm:cortex-a72:*:*:*:*:*:*:*:*
- cpe:2.3:h:arm:cortex-a73:*:*:*:*:*:*:*:*
- cpe:2.3:h:arm:cortex-a75:*:*:*:*:*:*:*:*
https://developer.arm.com/Arm%20Security%20Center/Spectre-BSE
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
