CVE-2022-48251

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

he AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

References

Link	Resource
https://eprint.iacr.org/2022/230	Technical Description Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8	Exploit Third Party Advisory
https://eprint.iacr.org/2022/230	Technical Description Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:arm:cortex-a55_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a55:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:33

Type	Values Removed	Values Added
References	~~() https://eprint.iacr.org/2022/230 - Technical Description, Third Party Advisory~~	() https://eprint.iacr.org/2022/230 - Technical Description, Third Party Advisory
References	~~() https://eshard.com/posts/sca-attacks-on-armv8 - Exploit, Third Party Advisory~~	() https://eshard.com/posts/sca-attacks-on-armv8 - Exploit, Third Party Advisory
Summary		(es) Las instrucciones AES en la plataforma ARMv8 no tienen un algoritmo que sea "intrínsecamente resistente" a los ataques de canal lateral. NOTA: según se informa, el proveedor ofrece la posición "si bien los ataques al canal del lado de poder... son posibles, no están directamente causados ni relacionados con la arquitectura Arm".

Information

Published : 2023-01-10 07:15

Updated : 2024-11-21 07:33

NVD link : CVE-2022-48251

Mitre link : CVE-2022-48251

CVE.ORG link : CVE-2022-48251

JSON object : View

Products Affected

arm

CWE

CWE-203

Observable Discrepancy

7.5 /10