CVE-2024-7881
published 2025-01-28CVE-2024-7881: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an…
medium5.1CVSS 3.1
AVLACLPRNUINSUCLILAN
An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents as an address that is also dereferenced.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arm | arm-trusted-firmware | >= 0 < 2.12.1+dfsg-1 | 2.12.1+dfsg-1 |
| arm | arm-trusted-firmware | >= 0 < 2.12.1+dfsg-1 | 2.12.1+dfsg-1 |
| arm | c1-premium | — | — |
| arm | c1-pro | — | — |
| arm | c1-ultra | — | — |
| arm | cortex-x3 | — | — |
| arm | cortex-x4 | — | — |
| arm | cortex-x925 | — | — |
| arm | neoverse_v2 | — | — |
| arm | neoverse_v3 | — | — |
| arm | neoverse_v3ae | — | — |
| debian | arm-trusted-firmware | < arm-trusted-firmware 2.12.1+dfsg-1 (forky) | arm-trusted-firmware 2.12.1+dfsg-1 (forky) |
| android | — | — |
CVSS provenance
nvdv3.15.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv5.1MEDIUM
OSV
CVE-2024-7881: In TBD of TBD, there is a possible memory leak due to improper input validation
osv·2025-09-01
CVE-2024-7881 CVE-2024-7881: In TBD of TBD, there is a possible memory leak due to improper input validation
In TBD of TBD, there is a possible memory leak due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
GHSA
GHSA-75fm-2jm9-p338: An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents
ghsa_unreviewed·2025-01-28
CVE-2024-7881 [MEDIUM] CWE-203 GHSA-75fm-2jm9-p338: An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents
An unprivileged context can trigger a data
memory-dependent prefetch engine to fetch the contents of a privileged location
and consume those contents as an address that is also dereferenced.
OSV
CVE-2024-7881: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents
osv·2025-01-28·CVSS 5.1
CVE-2024-7881 [MEDIUM] CVE-2024-7881: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
Android
CVE-2024-7881: CPU
vendor_android·2025-09-01·CVSS 5.1
CVE-2024-7881 [MEDIUM] CVE-2024-7881: CPU
Android Security Bulletin 2025-09-01
CVE: CVE-2024-7881
Severity: HIGH
Component: CPU
References: A-361573291
*
Debian
CVE-2024-7881: arm-trusted-firmware - An unprivileged context can trigger a data memory-dependent prefetch engine to f...
vendor_debian·2024·CVSS 5.1
CVE-2024-7881 [MEDIUM] CVE-2024-7881: arm-trusted-firmware - An unprivileged context can trigger a data memory-dependent prefetch engine to f...
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.12.1+dfsg-1)
sid: resolved (fixed in 2.12.1+dfsg-1)
trixie: resolved (fixed in 2.12.1+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-28
Published