{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-48251", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T15:10:59.529Z", "dateReserved": "2023-01-10T00:00:00", "datePublished": "2023-01-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "The AES instructions on the ARMv8 platform do not have an algorithm that is \"intrinsically resistant\" to side-channel attacks. NOTE: the vendor reportedly offers the position \"while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture.\""}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://eshard.com/posts/sca-attacks-on-armv8"}, {"url": "https://eprint.iacr.org/2022/230"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:10:59.529Z"}, "title": "CVE Program Container", "references": [{"url": "https://eshard.com/posts/sca-attacks-on-armv8", "tags": ["x_transferred"]}, {"url": "https://eprint.iacr.org/2022/230", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "35B01CAB-2DD1-47D5-A331-B6C7A658C5D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF65826-F828-421F-8009-5AA5D25387E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a55_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B9A6B1E-AF50-4B96-96E7-295EBECED8BC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a55:-:*:*:*:*:*:*:*", "matchCriteriaId": "383CB40D-A1A7-4108-BB28-4A598EB217BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "The AES instructions on the ARMv8 platform do not have an algorithm that is \"intrinsically resistant\" to side-channel attacks. NOTE: the vendor reportedly offers the position \"while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture.\""}, {"lang": "es", "value": "Las instrucciones AES en la plataforma ARMv8 no tienen un algoritmo que sea \"intr\u00ednsecamente resistente\" a los ataques de canal lateral. NOTA: seg\u00fan se informa, el proveedor ofrece la posici\u00f3n \"si bien los ataques al canal del lado de poder... son posibles, no est\u00e1n directamente causados ni relacionados con la arquitectura Arm\"."}], "id": "CVE-2022-48251", "lastModified": "2024-11-21T07:33:02.947", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-10T07:15:09.647", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eprint.iacr.org/2022/230"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://eshard.com/posts/sca-attacks-on-armv8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://eprint.iacr.org/2022/230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://eshard.com/posts/sca-attacks-on-armv8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}