CVE-2024-5660

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-5660
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-5660.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-5660
Related
Published
2024-12-10T14:30:47Z
Modified
2025-05-26T20:55:25.779804Z
Downstream
Summary
[none]
Details

Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.

References

Affected packages

Alpine:v3.18 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:apk/alpine/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.32-r0

Affected versions

2.*

2.1-r0
2.2-r0
2.3-r0
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.7.0-r3
2.8.0-r0
2.8.0-r1
2.8.0-r2
2.8.6-r0

Alpine:v3.19 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:apk/alpine/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.32-r0

Affected versions

2.*

2.1-r0
2.2-r0
2.3-r0
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.7.0-r3
2.8.0-r0
2.8.0-r1
2.8.0-r2
2.8.6-r0
2.8.8-r0
2.8.9-r0
2.8.12-r0
2.8.13-r0

Alpine:v3.20 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:apk/alpine/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.32-r0

Affected versions

2.*

2.1-r0
2.2-r0
2.3-r0
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.7.0-r3
2.8.0-r0
2.8.0-r1
2.8.0-r2
2.8.6-r0
2.8.8-r0
2.8.9-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.14-r1

Alpine:v3.21 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:apk/alpine/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.32-r0

Affected versions

2.*

2.1-r0
2.2-r0
2.3-r0
2.5-r0
2.5-r1
2.5-r2
2.5-r3
2.6-r0
2.6-r1
2.7.0-r0
2.7.0-r1
2.7.0-r2
2.7.0-r3
2.8.0-r0
2.8.0-r1
2.8.0-r2
2.8.6-r0
2.8.8-r0
2.8.9-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.14-r1
2.8.25-r0

Debian:11 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:deb/debian/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4+dfsg-2
2.5+dfsg-1
2.5+dfsg-2
2.6~rc0+dfsg-1
2.6+dfsg-1
2.7.0+dfsg-1
2.7.0+dfsg-2
2.8.0+dfsg-1
2.9.0+dfsg-1
2.9.0+dfsg-2
2.9.0+dfsg-3
2.10.0+dfsg-1
2.10.10+dfsg-1
2.12.0+dfsg-1
2.12.0+dfsg-2
2.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:deb/debian/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.0+dfsg-1
2.9.0+dfsg-1
2.9.0+dfsg-2
2.9.0+dfsg-3
2.10.0+dfsg-1
2.10.10+dfsg-1
2.12.0+dfsg-1
2.12.0+dfsg-2
2.12.1+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / arm-trusted-firmware

Package

Name
arm-trusted-firmware
Purl
pkg:deb/debian/arm-trusted-firmware?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.12.1+dfsg-1

Affected versions

2.*

2.8.0+dfsg-1
2.9.0+dfsg-1
2.9.0+dfsg-2
2.9.0+dfsg-3
2.10.0+dfsg-1
2.10.10+dfsg-1
2.12.0+dfsg-1
2.12.0+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}