CVE-2024-7881
MEDIUM EPSS 8.9%
Published Jan 28, 20251y ago · Modified Jun 17, 20262w ago
5.1 CVSS 3.1
Published Jan 28, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
8.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-203
Affected Products 18
| Vendor | Product | Version | Range |
|---|---|---|---|
| arm | c1-premium_firmware | * | any |
| arm | c1-premium | * | any |
| arm | c1-pro_firmware | * | any |
| arm | c1-pro | * | any |
| arm | c1-ultra_firmware | * | any |
| arm | c1-ultra | * | any |
| arm | cortex-x3_firmware | * | any |
| arm | cortex-x3 | * | any |
| arm | cortex-x4_firmware | * | any |
| arm | cortex-x4 | * | any |
| arm | cortex-x925_firmware | * | any |
| arm | cortex-x925 | * | any |
| arm | neoverse-v2_firmware | * | any |
| arm | neoverse-v2 | * | any |
| arm | neoverse-v3_firmware | * | any |
| arm | neoverse-v3 | * | any |
| arm | neoverse-v3ae_firmware | * | any |
| arm | neoverse-v3ae | * | any |
References 1
- developer.arm.com https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.