CVE-2021-35465 - OpenCVE

Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arm	China Star-mc1 China Star-mc1 Firmware Cortex-m33 Cortex-m33 Firmware Cortex-m35p Cortex-m35p Firmware Cortex-m55 Cortex-m55 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:arm:cortex-m33:-:*:*:*:*:*:*:*

cpe:2.3:o:arm:cortex-m33_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:arm:cortex-m35p:-:*:*:*:*:*:*:*

cpe:2.3:o:arm:cortex-m35p_firmware:r0:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:arm:cortex-m55:-:*:*:*:*:*:*:*

cpe:2.3:o:arm:cortex-m55_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:arm:china_star-mc1:-:*:*:*:*:*:*:*

cpe:2.3:o:arm:china_star-mc1_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://developer.arm.com/support/arm-security-updates
https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-23T12:44:08

Updated: 2024-08-04T00:40:45.965Z

Reserved: 2021-06-23T00:00:00

Link: CVE-2021-35465

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-08-23T13:15:07.667

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-35465

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-23T12:44:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://developer.arm.com/support/arm-security-updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://developer.arm.com/support/arm-security-updates", "refsource": "MISC", "url": "https://developer.arm.com/support/arm-security-updates"}, {"name": "https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability", "refsource": "CONFIRM", "url": "https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:40:45.965Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.arm.com/support/arm-security-updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35465", "datePublished": "2021-08-23T12:44:08", "dateReserved": "2021-06-23T00:00:00", "dateUpdated": "2024-08-04T00:40:45.965Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-m33:-:*:*:*:*:*:*:*", "matchCriteriaId": "4595439A-ADC7-4C65-9DEB-6DEFE8F9A48F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-m33_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8743FD78-DA56-4809-9BE7-2CD84F785598", "versionEndIncluding": "r1p0", "versionStartIncluding": "r0p0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-m35p:-:*:*:*:*:*:*:*", "matchCriteriaId": "420AB2CA-D4C8-46C8-9E0F-813ADBF5DCBC", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-m35p_firmware:r0:*:*:*:*:*:*:*", "matchCriteriaId": "F7CD4A53-9AFC-40CA-8BA3-611B2E27AC51", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-m55:-:*:*:*:*:*:*:*", "matchCriteriaId": "79E2E419-58A9-4F2E-B7A7-C9CB177F6543", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-m55_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D345484-BA9B-4F6C-9B54-6FEB6C8F0DC6", "versionEndIncluding": "r1p0", "versionStartIncluding": "r0p0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:arm:china_star-mc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DC6F685-2230-4560-BFEA-A2231C0A6C1A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:arm:china_star-mc1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "325B4E68-0CEB-4D13-AF1E-118C4851A28C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration)."}, {"lang": "es", "value": "Determinados productos de Arm antes del 23-08-2021 no consideran apropiadamente el efecto de las excepciones en una instrucci\u00f3n VLLDM. Un manejador no seguro puede tener acceso de lectura o escritura a parte de un contexto seguro. Esto afecta a Arm Cortex-M33 r0p0 versiones hasta r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 versiones hasta r1p0, y Arm China STAR-MC1 (en la configuraci\u00f3n STAR SE)."}], "id": "CVE-2021-35465", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-23T13:15:07.667", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/support/arm-security-updates/vlldm-instruction-security-vulnerability"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}