CVE-2017-9607
7.0 HIGHThe BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass t...
Published: 2017-09-20 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 7.0 HIGH
- Vector
- CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-190
Affected products
| Vendor | Product |
|---|---|
| trustedfirmware | trusted_firmware-a |
Description
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2017-9607
- [Patch]https://github.com/ARM-software/arm-trusted-firmware/blob/v1.4/docs/change-log.rst#new-features
- [Patch]https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-4
- [Patch]https://github.com/ARM-software/arm-trusted-firmware/blob/v1.4/docs/change-log.rst#new-features
- [Patch]https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-4
Related CVEs
Same vendor
- CVE-2026-45702 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.4 MEDIUM)
- CVE-2026-45614 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (4.7 MEDIUM)
- CVE-2026-40290 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.8 HIGH)
- CVE-2026-33662 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (7.5 HIGH)
- CVE-2026-33317 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using t... (8.7 HIGH)
Same CWE
- CVE-2026-10649 — A flaw was found in Pacemaker (8.6 HIGH)
- CVE-2026-53705 — A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good (7.6 HIGH)
- CVE-2026-52722 — A signed integer overflow vulnerability was found in GStreamer's VMnc decoder (7.1 HIGH)
- CVE-2025-55647 — An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... (5.5 MEDIUM)
- CVE-2026-6045 — LibreOffice can import EMF+ graphics, which may be embedded in documents