CVE-2022-48251

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
References
Link Resource
https://eprint.iacr.org/2022/230 Technical Description Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8 Exploit Third Party Advisory
https://eprint.iacr.org/2022/230 Technical Description Third Party Advisory
https://eshard.com/posts/sca-attacks-on-armv8 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:arm:cortex-a53_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a53:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:arm:cortex-a55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a55:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:arm:cortex-a57_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a57:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:arm:cortex-a72_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a72:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:arm:cortex-a73_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a73:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:arm:cortex-a75_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a75:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:arm:cortex-a76_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:arm:cortex-a76ae_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a76ae:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:33

Type Values Removed Values Added
Summary
  • (es) Las instrucciones AES en la plataforma ARMv8 no tienen un algoritmo que sea "intrínsecamente resistente" a los ataques de canal lateral. NOTA: según se informa, el proveedor ofrece la posición "si bien los ataques al canal del lado de poder... son posibles, no están directamente causados ni relacionados con la arquitectura Arm".
References () https://eprint.iacr.org/2022/230 - Technical Description, Third Party Advisory () https://eprint.iacr.org/2022/230 - Technical Description, Third Party Advisory
References () https://eshard.com/posts/sca-attacks-on-armv8 - Exploit, Third Party Advisory () https://eshard.com/posts/sca-attacks-on-armv8 - Exploit, Third Party Advisory

21 Mar 2024, 02:44

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-10 07:15

Updated : 2024-11-21 07:33


NVD link : CVE-2022-48251

Mitre link : CVE-2022-48251

CVE.ORG link : CVE-2022-48251


JSON object : View

Products Affected

arm

  • cortex-a55
  • cortex-a77_firmware
  • cortex-a72
  • cortex-a78_firmware
  • cortex-a57
  • cortex-a55_firmware
  • cortex-a57_firmware
  • cortex-a76
  • cortex-a72_firmware
  • cortex-a76ae_firmware
  • cortex-a78
  • cortex-a75
  • cortex-a73
  • cortex-a77
  • cortex-a73_firmware
  • cortex-a53
  • cortex-a76_firmware
  • cortex-a53_firmware
  • cortex-a75_firmware
  • cortex-a76ae
CWE
CWE-203

Observable Discrepancy