CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

CVE-2025-1037

CVE-2025-1037 affects Hitachi TropOS 4th Gen. The Red Hat, NVD, ENISA/EUVD, CIRCL sighting entries describe a vulnerability in the device’s web-based configuration utility (notably the Logging page) where an authenticated, low-privileged user who can run user-level shell commands can abuse script...

CVE-2025-1037

By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell SSH to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allo...

OESA-2025-1345 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

OESA-2025-1344 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

OESA-2025-1342 arm-trusted-firmware security update

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures Armv8-A and Armv7-A, including an Exception Level 3 EL3 Secure Monitor. Security Fixes: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a...

DEBIAN-CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

CVE-2024-7881

CVE-2024-7881 affects Arm Trusted Firmware-A (ATF) for Arm A‑Profile architectures. The flaw allows an unprivileged context to trigger a data memory‑dependent prefetch that fetches contents from a privileged location and uses those contents as an address that is dereferenced. This is a local issu...

CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

ARM CPU 安全漏洞

ARM CPUs are a family of central processors from the British company ARM. The ARM CPUs suffer from a security vulnerability that stems from the fact that an unprivileged context can trigger a data memory-related prefetch engine to fetch the contents of a privileged location and use those contents...

PT-2025-3695

Name of the Vulnerable Software and Affected Versions arm64 CPU affected versions not specified Description The issue allows an unprivileged context to trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is...

CVE-2021-22566 Incorrect mapping of Executable bits in Fuchsia Kernel

An incorrect setting of UXN bits within mmuflagstos1pteattr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits...

CVE-2021-22566 Incorrect mapping of Executable bits in Fuchsia Kernel

An incorrect setting of UXN bits within mmuflagstos1pteattr lead to privileged executable pages being mapped as executable from an unprivileged context. This can be leveraged by an attacker to bypass executability restrictions of kernel-mode pages from user-mode. An incorrect setting of PXN bits...