CVE-2024-7881

MEDIUM EPSS 8.9%
Published Jan 28, 20251y ago · Modified Jun 17, 20262w ago
5.1 CVSS 3.1
Medium
Find Similar
Published Jan 28, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.

CVSS Details

Base Score
5.1
Exploitability
2.5
Impact
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
8.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-203

Affected Products 18

VendorProductVersionRange
armc1-premium_firmware*any
armc1-premium*any
armc1-pro_firmware*any
armc1-pro*any
armc1-ultra_firmware*any
armc1-ultra*any
armcortex-x3_firmware*any
armcortex-x3*any
armcortex-x4_firmware*any
armcortex-x4*any
armcortex-x925_firmware*any
armcortex-x925*any
armneoverse-v2_firmware*any
armneoverse-v2*any
armneoverse-v3_firmware*any
armneoverse-v3*any
armneoverse-v3ae_firmware*any
armneoverse-v3ae*any

References 1

  • developer.arm.com https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.