CVE-2024-5660
CRITICAL EPSS 41.5%
Published Dec 10, 20241y ago · Modified Jun 17, 20262w ago
9.8 CVSS 3.1
Published Dec 10, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
41.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-668
Affected Products 32
| Vendor | Product | Version | Range |
|---|---|---|---|
| arm | cortex-a710_firmware | * | any |
| arm | cortex-a710 | * | any |
| arm | cortex-a77_firmware | * | any |
| arm | cortex-a77 | * | any |
| arm | cortex-a78_firmware | * | any |
| arm | cortex-a78 | * | any |
| arm | cortex-a78ae_firmware | * | any |
| arm | cortex-a78ae | * | any |
| arm | cortex-a78c_firmware | * | any |
| arm | cortex-a78c | * | any |
| arm | cortex-x1_firmware | * | any |
| arm | cortex-x1 | * | any |
| arm | cortex-x1c_firmware | * | any |
| arm | cortex-x1c | * | any |
| arm | cortex-x2_firmware | * | any |
| arm | cortex-x2 | * | any |
| arm | cortex-x3_firmware | * | any |
| arm | cortex-x3 | * | any |
| arm | cortex-x4_firmware | * | any |
| arm | cortex-x4 | * | any |
| arm | cortex-x925_firmware | * | any |
| arm | cortex-x925 | * | any |
| arm | neoverse_n2_firmware | * | any |
| arm | neoverse_n2 | * | any |
| arm | neoverse-v1_firmware | * | any |
| arm | neoverse-v1 | * | any |
| arm | neoverse-v2_firmware | * | any |
| arm | neoverse-v2 | * | any |
| arm | neoverse-v3_firmware | * | any |
| arm | neoverse-v3 | * | any |
| arm | neoverse-v3ae_firmware | * | any |
| arm | neoverse-v3ae | * | any |
References 1
- developer.arm.com https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.