CVE-2022-48251
HIGHARM Cortex-A Firmware - Side-Channel Information Disclosure via AES Instructions
Title source: llmDescription
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
References (2)
Core 2
Core References
Technical Description, Third Party Advisory
https://eprint.iacr.org/2022/230
Exploit, Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8
Scores
CVSS v3
7.5
EPSS
0.0037
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-203
Status
published
Products (10)
arm/cortex-a53_firmware
arm/cortex-a55_firmware
arm/cortex-a57_firmware
arm/cortex-a72_firmware
arm/cortex-a73_firmware
arm/cortex-a75_firmware
arm/cortex-a76_firmware
arm/cortex-a76ae_firmware
arm/cortex-a77_firmware
arm/cortex-a78_firmware
Published
Jan 10, 2023
Tracked Since
Feb 18, 2026