Jan. 16, 2023, 4:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.

attackers boot certificates cve firmware information out-of-bounds parsing sensitive information side effects state trigger

Information Security Engineers

@ D. E. Shaw Research | New York City

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Information System Security Engineer 2

@ Wyetech | Annapolis Junction, Maryland

Staff Vulnerability/Configuration Management Security Engineer

@ ServiceNow | Hyderabad, India

Security Engineer

@ AXS | London, England, UK