OESA-2024-1264

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1264

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1264.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2024-1264

Upstream

CVE-2023-49100

Published

2024-03-08T11:07:10Z

Modified

2025-09-03T06:19:38.916722Z

Summary

arm-trusted-firmware security update

Details

Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.

Security Fix(es):

Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdeiinterruptbind. The parameter is passed to a call to platicgetinterrupttype. It can be any arbitrary value passing checks in the function platicis_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.(CVE-2023-49100)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-4.oe1

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-1.6-4.oe1.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-1.6-4.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP4

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6-4.oe2003sp4

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-1.6-4.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-1.6-4.oe2003sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-4.oe2203sp3

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-2.3-4.oe2203.src.rpm",
        "arm-trusted-firmware-2.3-4.oe2203sp1.src.rpm",
        "arm-trusted-firmware-2.3-4.oe2203sp2.src.rpm",
        "arm-trusted-firmware-2.3-4.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-2.3-4.oe2203.aarch64.rpm",
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp1.aarch64.rpm",
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp2.aarch64.rpm",
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp3.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-4.oe2203sp1

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-2.3-4.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP2

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-4.oe2203sp2

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-2.3-4.oe2203sp2.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp2.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP3

arm-trusted-firmware

Package

Name: arm-trusted-firmware
Purl: pkg:rpm/openEuler/arm-trusted-firmware&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3-4.oe2203sp3

Ecosystem specific

{
    "src": [
        "arm-trusted-firmware-2.3-4.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "arm-trusted-firmware-armv8-2.3-4.oe2203sp3.aarch64.rpm"
    ]
}