CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7563

HIGH
8.1
CVSS Severity Score
EPSS Score0.1500%
EPSS Percentile13.53th
PublishedJun 7, 2017
Last ModifiedJun 8, 2026

Vulnerability Description

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).

Affected Platforms (CPE)

💻
Trustedfirmware

Trusted Firmware A

<= 1.3

References & Advisories

🔗 https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3
🔗 https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3

Related Vulnerabilities

CVE-2016-56699.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificat...

CVE-2021-206958.8

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote...

CVE-2017-57077.8

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system ...

CVE-2017-57107.8

Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access priv...