{ "id": "CVE-2022-48251", "sourceIdentifier": "cve@mitre.org", "published": "2023-01-10T07:15:09.647", "lastModified": "2024-11-21T07:33:02.947", "vulnStatus": "Modified", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "The AES instructions on the ARMv8 platform do not have an algorithm that is \"intrinsically resistant\" to side-channel attacks. NOTE: the vendor reportedly offers the position \"while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture.\"" }, { "lang": "es", "value": "Las instrucciones AES en la plataforma ARMv8 no tienen un algoritmo que sea \"intr\u00ednsecamente resistente\" a los ataques de canal lateral. NOTA: seg\u00fan se informa, el proveedor ofrece la posici\u00f3n \"si bien los ataques al canal del lado de poder... son posibles, no est\u00e1n directamente causados ni relacionados con la arquitectura Arm\"." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-203" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "35B01CAB-2DD1-47D5-A331-B6C7A658C5D5" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF65826-F828-421F-8009-5AA5D25387E6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a55_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B9A6B1E-AF50-4B96-96E7-295EBECED8BC" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a55:-:*:*:*:*:*:*:*", "matchCriteriaId": "383CB40D-A1A7-4108-BB28-4A598EB217BD" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68D895EC-B0A9-4292-AC64-60673F72C765" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*", "matchCriteriaId": "B00CD88D-5649-403F-A55A-BD49427D30FA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "38768B2B-F1A3-4A76-8716-9520CA075F3D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*", "matchCriteriaId": "16E23102-964E-485D-8EFF-4B1BBFE6EDE4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7173A6DC-4D4E-424C-A922-C16D67627834" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*", "matchCriteriaId": "33B1374D-59E8-4FE5-AC6C-0323AB1DD60D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A891447-2F1D-48B4-AA47-3CB7EA4FDC7C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*", "matchCriteriaId": "7C1DF922-1F46-41A6-A367-E56DD8C4163D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "08CC4E5E-2794-4893-9B45-E14A3F4CF159" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E4FCA77-71D3-495E-BA2A-2953369E5DCC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6022C19-3C39-439E-AE6E-2319D831CF99" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B08A239-BFC8-41EA-8A48-69F8DD7FC221" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9" } ] } ] } ], "references": [ { "url": "https://eprint.iacr.org/2022/230", "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ] }, { "url": "https://eshard.com/posts/sca-attacks-on-armv8", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://eprint.iacr.org/2022/230", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ] }, { "url": "https://eshard.com/posts/sca-attacks-on-armv8", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] } ] }