An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents as an address that is also dereferenced.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Arm Neoverse V2 affected
Version Status Constraints
0 affected
Arm Neoverse V3 affected
Version Status Constraints
0 affected
Arm Neoverse V3AE affected
Version Status Constraints
0 affected
Arm Cortex-X3 affected
Version Status Constraints
0 affected
Arm Cortex-X4 affected
Version Status Constraints
0 affected
Arm Cortex-X925 affected
Version Status Constraints
0 affected
Arm C1-Pro unaffected
Version Status Constraints
0 affected
Arm C1-Ultra unaffected
Version Status Constraints
0 affected
Arm C1-Premium unaffected
Version Status Constraints
0 affected

Configuration 1 [-]

AND
cpe:2.3:o:arm:c1-premium_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:c1-premium:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:arm:c1-pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:c1-pro:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:arm:c1-ultra_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:c1-ultra:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:arm:cortex-x3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x3:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:arm:cortex-x4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x4:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:arm:cortex-x925_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x925:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:arm:neoverse-v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:arm:neoverse-v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v3:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:arm:neoverse-v3ae_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v3ae:-:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors Products
Arm Subscribe
C1-premium Subscribe
C1-premium Firmware Subscribe
C1-pro Subscribe
C1-pro Firmware Subscribe
C1-ultra Subscribe
C1-ultra Firmware Subscribe
Cortex-x3 Subscribe
Cortex-x3 Firmware Subscribe
Cortex-x4 Subscribe
Cortex-x4 Firmware Subscribe
Cortex-x925 Subscribe
Cortex-x925 Firmware Subscribe
Neoverse-v2 Subscribe
Neoverse-v2 Firmware Subscribe
Neoverse-v3 Subscribe
Neoverse-v3 Firmware Subscribe
Neoverse-v3ae Subscribe
Neoverse-v3ae Firmware Subscribe

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881 cve-icon cve-icon
History

Thu, 18 Dec 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Arm
Arm c1-premium
Arm c1-premium Firmware
Arm c1-pro
Arm c1-pro Firmware
Arm c1-ultra
Arm c1-ultra Firmware
Arm cortex-x3
Arm cortex-x3 Firmware
Arm cortex-x4
Arm cortex-x4 Firmware
Arm cortex-x925
Arm cortex-x925 Firmware
Arm neoverse-v2
Arm neoverse-v2 Firmware
Arm neoverse-v3
Arm neoverse-v3 Firmware
Arm neoverse-v3ae
Arm neoverse-v3ae Firmware
Weaknesses CWE-203
CPEs cpe:2.3:h:arm:c1-premium:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:c1-pro:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:c1-ultra:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x3:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x4:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-x925:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v2:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v3:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:neoverse-v3ae:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:c1-premium_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:c1-pro_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:c1-ultra_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:cortex-x3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:cortex-x4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:cortex-x925_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:neoverse-v2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:neoverse-v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:arm:neoverse-v3ae_firmware:-:*:*:*:*:*:*:*
Vendors & Products Arm
Arm c1-premium
Arm c1-premium Firmware
Arm c1-pro
Arm c1-pro Firmware
Arm c1-ultra
Arm c1-ultra Firmware
Arm cortex-x3
Arm cortex-x3 Firmware
Arm cortex-x4
Arm cortex-x4 Firmware
Arm cortex-x925
Arm cortex-x925 Firmware
Arm neoverse-v2
Arm neoverse-v2 Firmware
Arm neoverse-v3
Arm neoverse-v3 Firmware
Arm neoverse-v3ae
Arm neoverse-v3ae Firmware

Thu, 06 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Description An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
Weaknesses CWE-1422
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Arm

Published:

Updated: 2025-11-18T13:14:02.578Z

Reserved: 2024-08-16T13:57:21.218Z

Link: CVE-2024-7881

cve-icon Vulnrichment

Updated: 2025-01-28T17:06:26.082Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-28T15:15:12.847

Modified: 2025-12-18T15:36:35.500

Link: CVE-2024-7881

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses