DescriptionTrusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA arm-trusted-firmware-2.8.6-1.1
SUSE Timeline for this CVECVE page created: Mon Jan 16 17:24:25 2023
CVE page last modified: Sat Aug 26 09:53:53 2023