CVE-2024-7881

Summary

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.

Affected Software

VendorProductVersion RangeStatus
ArmNeoverse V20affected
ArmNeoverse V30affected
ArmNeoverse V3AE0affected
ArmCortex-X30affected
ArmCortex-X40affected
ArmCortex-X9250affected
ArmC1-Pro0affected
ArmC1-Ultra0affected
ArmC1-Premium0affected

Weaknesses

  • CWE-1422: CWE-1422: Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References