#VU103509 Security features bypass in ARM products - CVE-2024-5660
Published: February 3, 2025
Vulnerability identifier: #VU103509
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2024-5660
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cortex-A77
Cortex-A78
Cortex-A78C
Cortex-A78AE
Cortex-A710
Cortex-X1
Cortex-X1C
Cortex-X2
Cortex-X3
Cortex-X4
Cortex-X925
Neoverse V1
Neoverse V2
Neoverse V3
Neoverse V3AE
Neoverse N2
Cortex-A77
Cortex-A78
Cortex-A78C
Cortex-A78AE
Cortex-A710
Cortex-X1
Cortex-X1C
Cortex-X2
Cortex-X3
Cortex-X4
Cortex-X925
Neoverse V1
Neoverse V2
Neoverse V3
Neoverse V3AE
Neoverse N2
Software vendor:
ARM
ARM
Description
The vulnerability allows a malicious guest to compromise the hypervisor.
The vulnerability exists due to incorrect memory address translation when Hardware Page Aggregation (HPA) is enabled and Stage-1 and/or Stage-2 translation is enabled for the active translation regime. A malicious guest can bypass Stage-2 translation and/or GPT protection and compromise the host in certain hypervisor environments.
Remediation
The vendor recommends disabling page aggregation by setting CPUECTLR_EL1[46] to 1.