{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5660", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "state": "PUBLISHED", "assignerShortName": "Arm", "dateReserved": "2024-06-05T16:55:44.691Z", "datePublished": "2024-12-10T13:55:44.488Z", "dateUpdated": "2024-12-16T13:10:13.630Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Cortex-A77", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neoverse V1", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-A78AE", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-78C", "vendor": "Arm", "versions": [{"status": "affected", "version": "0"}]}, {"defaultStatus": "affected", "product": "Cortex-X1C", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-A78", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-X1", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neoverse N2", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-A710", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-X2", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neoverse V2", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-X3", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neoverse V3AE", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Neoverse V3", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-X4", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Cortex-X925", "vendor": "Arm", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-12-10T13:54:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on <span style=\"background-color: rgba(29, 28, 29, 0.04);\">Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2</span> may permit bypass of Stage-2 translation and/or GPT protection.<br>"}], "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2024-12-16T13:10:13.630Z"}, "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-10T21:25:35.684368Z", "id": "CVE-2024-5660", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T21:26:26.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-5660", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-10T21:25:35.684368Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-10T21:26:17.715Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Arm", "product": "Cortex-A77", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Neoverse V1", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-A78AE", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-78C", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X1C", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-A78", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X1", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Neoverse N2", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-A710", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X2", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Neoverse V2", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X3", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Neoverse V3AE", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Neoverse V3", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X4", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "Arm", "product": "Cortex-X925", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}], "defaultStatus": "affected"}], "datePublic": "2024-12-10T13:54:00.000Z", "references": [{"url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.", "supportingMedia": [{"type": "text/html", "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on <span style=\"background-color: rgba(29, 28, 29, 0.04);\">Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2</span> may permit bypass of Stage-2 translation and/or GPT protection.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "shortName": "Arm", "dateUpdated": "2024-12-16T13:10:13.630Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5660", "state": "PUBLISHED", "dateUpdated": "2024-12-16T13:10:13.630Z", "dateReserved": "2024-06-05T16:55:44.691Z", "assignerOrgId": "56a131ea-b967-4a0d-a41e-5f3549952846", "datePublished": "2024-12-10T13:55:44.488Z", "assignerShortName": "Arm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AF7E5CA-95FF-4242-BD6E-8BDC185DA095", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CEEC509-2A56-48F1-B388-3A8660D58FB5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "155A0C39-4D0A-4264-B392-46002908939C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*", "matchCriteriaId": "514DE9F5-D826-42AA-B4CF-3EB09F4D3D5D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96AB8C81-F441-4563-B5E0-B738DF4D1C50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA3C472-D1E9-47B3-AFD0-BD274E3291F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E30BECA7-C45A-423D-9200-98D51BE9C84C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E376B2A-430D-4D1D-BC28-92CD7E1E8564", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0B159B3-65DD-4914-A4A4-EF342A3BAEB9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-a78c:-:*:*:*:*:*:*:*", "matchCriteriaId": "6194A1A7-A29D-4ECC-8D6D-02C17D49851E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D200C1F-1909-4952-824F-A2D279B9B37E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FC9F68C-7D65-4D29-AAA1-BA43228C6208", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x1c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "77394F8B-97DF-425C-923C-26C829ED5C14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x1c:-:*:*:*:*:*:*:*", "matchCriteriaId": "62BE97A9-218A-498F-8F41-23F31DC9FF72", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B749251-B873-4E37-BB5C-1D4C021205D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D7FB822-DD26-402E-A413-EF55B6C01D07", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E776B4A0-0642-489C-B03B-F6B9FFDFFD11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x3:-:*:*:*:*:*:*:*", "matchCriteriaId": "979779A2-D556-4EF5-932D-F38009186B91", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F8394E0-E173-41B5-B13D-6F45947D46E6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x4:-:*:*:*:*:*:*:*", "matchCriteriaId": "63E0897F-9D56-4835-8C12-B3758CF38F96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:cortex-x925_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF2C4EC2-711A-407A-A8F4-7E7134B4F06E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:cortex-x925:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1CE6CA3-E32E-4892-A7DB-D4A879956320", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B37176F-0AF4-4410-9C1F-4C5ED0051681", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*", "matchCriteriaId": "D2F2936E-A611-472E-8EF0-F336A19DF578", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E32A1FF8-3A37-4D10-8DBB-3ECAA8A5F970", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3F388EB-8A46-43E1-9AB1-5832FBB9262A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96E7E713-E11C-45CB-83E7-C21F57720A55", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DF8B63B-C2E7-4C97-BA5C-79E2278F0C52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0E84400-B02D-4B8D-9179-5428D38641CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFC574FE-7462-4E50-AE4A-5204C339C1F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arm:neoverse-v3ae_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0CDE1B2-393F-4D2A-B872-3317B26D06B3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:neoverse-v3ae:-:*:*:*:*:*:*:*", "matchCriteriaId": "66BD33A8-6D01-4A63-B81E-E974CDFAD04A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection."}, {"lang": "es", "value": "El uso de agregaci\u00f3n de p\u00e1ginas de hardware (HPA) y traducci\u00f3n de etapa 1 y/o etapa 2 en A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 y Travis puede permitir la omisi\u00f3n de la traducci\u00f3n de etapa 2 y/o la protecci\u00f3n GPT."}], "id": "CVE-2024-5660", "lastModified": "2026-01-05T14:44:15.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-10T14:30:47.963", "references": [{"source": "arm-security@arm.com", "tags": ["Vendor Advisory"], "url": "https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660"}], "sourceIdentifier": "arm-security@arm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "arm-security@arm.com", "type": "Secondary"}]}

{}

{}