24 matches found

RedhatCVE
added 2025/12/17 10:2 a.m. | 3 views

CVE-2025-62864

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context...

9.8 CVSS | 7.1 AI score | 0.00056 EPSS
Exploits 0 | References 1
OSV
added 2025/12/16 6:16 p.m. | 0 views

CVE-2025-62863

Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 address space...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2
CVE
added 2025/12/16 12:0 a.m. | 8 views

CVE-2025-62863

CVE-2025-62863 concerns AmpereOne processors (AC03 before 3.5.9.3, AC04 before 4.4.5.2, M before 5.4.5.1). The issue arises from an incorrectly formed System Management Call (SMC) to the UEFI-MM PCIe driver, which could enable an out-of-bounds write in the PCIe driver’s S-EL0 address space. Repor...

9.8 CVSS | 6.7 AI score | 0.00056 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/12/16 12:0 a.m. | 6 views

CVE-2025-62862

CVE-2025-62862 concerns AmpereOne AC03 (before 3.5.9.3), AC04 (before 4.4.5.2), and M (before 5.4.5.1). The root cause is an incorrectly formed SMC call to the UEFI-MM Boot Error Record Table driver, enabling (1) out-of-bounds reads that may leak Secure-EL0 information to Non-Secure state, or (2)...

4.6 CVSS | 6.4 AI score | 0.00015 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2024/12/24 12:15 p.m. | 12 views

CVE-2024-53161

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow. The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift...

5.5 CVSS | 0.00014 EPSS
Exploits 0 | References 10
CVE
added 2024/12/24 11:29 a.m. | 177 views

CVE-2024-53161

CVE-2024-53161 is tied to the Linux kernel EDAC/bluefield issue: the 64-bit get-DIMM-info SMC argument used mem_ctrl_idx left-shifted by 16 and OR’d with the DIMM index; with mem_ctrl_idx treated as 32-bit this can truncate the upper 16 bits, risking data loss. The advisory states the mem_ctrl_id...

5.5 CVSS | 6.6 AI score | 0.00014 EPSS
Exploits 0 | References 10 | Affected Software 1
NVD
added 2024/09/13 6:15 a.m. | 7 views

CVE-2024-46692

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call. Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. B...

5.5 CVSS | 0.00016 EPSS
Exploits 0 | References 3
Vulnrichment
added 2024/09/13 5:29 a.m. | 12 views

CVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic call

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call. Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. B...

6.7 AI score | 0.00016 EPSS
Exploits 0 | References 3
OSV
added 2024/09/13 5:29 a.m. | 11 views

CVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic call

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark get_wq_ctx() as atomic call. Currently get_wq_ctx() is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls get_wq_ctx() to resume the corresponding sleeping thread. B...

5.5 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 6
Prion
added 2024/02/21 4:15 p.m. | 8 views

Out-of-bounds

Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing...

7.2 AI score | 0.00016 EPSS
Exploits 0 | References 3
NVD
added 2022/12/30 11:15 p.m. | 11 views

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

7.9 CVSS | 0.00058 EPSS
Exploits 0 | References 1
Prion
added 2022/12/30 11:15 p.m. | 23 views

Input validation

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

2.9 CVSS | 7.2 AI score | 0.00058 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2022/12/30 12:0 a.m. | 67 views

CVE-2022-42269

CVE-2022-42269 affects NVIDIA Trusted OS via an SMC call handler where untrusted input is not validated, allowing a highly privileged local attacker to disclose information and compromise integrity. The issue is documented across multiple sources, with NVIDIA’s security bulletin indicating affect...

7.9 CVSS | 7.1 AI score | 0.00058 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2022/12/30 12:0 a.m. | 14 views

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

7.9 CVSS | 7.4 AI score | 0.00058 EPSS
Exploits 0 | References 1
NVD
added 2021/10/06 6:15 p.m. | 15 views

CVE-2021-25470

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE...

7.9 CVSS | 0.0004 EPSS
Exploits 0 | References 1
Prion
added 2021/10/06 6:15 p.m. | 9 views

Input validation

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE...

3.6 CVSS | 7.7 AI score | 0.0004 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2021/10/06 5:7 p.m. | 11 views

CVE-2021-25470

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE...

7.9 CVSS | 7.9 AI score | 0.0004 EPSS
Exploits 0 | References 1
CVE
added 2021/10/06 5:7 p.m. | 38 views

CVE-2021-25470

CVE-2021-25470 affects TEEGRIS Secure OS prior to SMR Oct‑2021 Release 1. The issue is an improper caller check logic in the SMC call that can be used to compromise the Trusted Execution Environment (TEE). Impact is described as TEE compromise; no exploit details provided in the documents. Mitiga...

7.9 CVSS | 7.6 AI score | 0.0004 EPSS
Exploits 0 | References 1 | Affected Software 1
NVD
added 2021/06/22 10:15 p.m. | 18 views

CVE-2021-34390

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service...

5.5 CVSS | 0.0005 EPSS
Exploits 0 | References 1
OSV
added 2021/06/22 10:15 p.m. | 0 views

CVE-2021-34390

Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service...

5.5 CVSS | 5.8 AI score | 0.0005 EPSS
Exploits 0 | References 1