CVE-2016-10319
MEDIUMARM Trusted Firmware 1.2-1.3 - Integer Overflow in Firmware Update SMC Handling
Title source: llmDescription
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
References (1)
Core 1
Core References
Issue Tracking, Patch, VDB Entry x_refsource_confirm
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-1
Scores
CVSS v3
5.9
EPSS
0.0160
EPSS Percentile
72.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (2)
arm_trusted_firmware_project/arm_trusted_firmware
1.2
arm_trusted_firmware_project/arm_trusted_firmware
1.3
Published
Apr 06, 2017
Tracked Since
Feb 18, 2026