CVE-2024-5660

Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse V3AE, Neoverse N2 may permit bypass of Stage-2 translation and/or GPT protection.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:arm:cortex-a710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a710:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:arm:cortex-a77_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a77:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:arm:cortex-a78_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a78:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:arm:cortex-a78ae_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a78ae:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:arm:cortex-a78c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-a78c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:arm:cortex-x1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:arm:cortex-x1c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x1c:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:arm:cortex-x2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x2:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:arm:cortex-x3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x3:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:arm:cortex-x4_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x4:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:arm:cortex-x925_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:cortex-x925:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:arm:neoverse_n2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:neoverse_n2:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:arm:neoverse-v1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:neoverse-v1:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:arm:neoverse-v2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:neoverse-v2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:arm:neoverse-v3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:neoverse-v3:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:arm:neoverse-v3ae_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arm:neoverse-v3ae:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-12-10 14:30

Updated : 2026-01-05 14:44

NVD link : CVE-2024-5660

Mitre link : CVE-2024-5660

CVE.ORG link : CVE-2024-5660

JSON object : View

Products Affected

arm

cortex-a78ae
cortex-a78c
neoverse_n2_firmware
cortex-x3_firmware
cortex-a710
neoverse-v3_firmware
cortex-x925_firmware
cortex-a710_firmware
neoverse-v3
neoverse-v2
cortex-a78_firmware
cortex-x925
cortex-a77_firmware
cortex-a78
cortex-x1c_firmware
cortex-x2_firmware
cortex-x4
neoverse-v2_firmware
neoverse_n2
cortex-a78c_firmware
cortex-x4_firmware
neoverse-v3ae
neoverse-v3ae_firmware
neoverse-v1_firmware
cortex-x3
cortex-x2
neoverse-v1
cortex-a77
cortex-x1_firmware
cortex-x1
cortex-a78ae_firmware
cortex-x1c

CWE

CWE-668

Exposure of Resource to Wrong Sphere

9.8 /10