CVE-2022-48251

moderate-risk

Published 2023-01-10

The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."

Do I need to act?

0.37% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (10)

Cortex-A53 Firmware

Cortex-A55 Firmware

Cortex-A57 Firmware

Cortex-A72 Firmware

Cortex-A73 Firmware

Cortex-A75 Firmware

Cortex-A76 Firmware

Cortex-A76Ae Firmware

Cortex-A77 Firmware

Cortex-A78 Firmware

Affected Vendors

Arm

References (4)

Technical Description https://eprint.iacr.org/2022/230

Exploit https://eshard.com/posts/sca-attacks-on-armv8

Technical Description https://eprint.iacr.org/2022/230

Exploit https://eshard.com/posts/sca-attacks-on-armv8

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate