ID

VAR-201704-0074


CVE

CVE-2016-10319


TITLE

ARM Trusted Firmware Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008275

DESCRIPTION

In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code. ARM Trusted Firmware contains an integer overflow vulnerability. A service operation interruption (DoS) attack may be carried out. ARM Trusted Firmware is a set of interface standards that provide ARMv8-A security software implementation. Security vulnerabilities exist in ARM Trusted Firmware versions 1.2 and 1.3. An attacker could exploit this vulnerability to copy large data to secure memory.

Trust: 1.71

sources: NVD: CVE-2016-10319 // JVNDB: JVNDB-2016-008275 // VULHUB: VHN-89083

AFFECTED PRODUCTS

vendor: arm trusted, model: arm trusted, scope: eq, version: 1.3

Trust: 1.6

vendor: arm trusted, model: arm trusted, scope: eq, version: 1.2

Trust: 1.6

vendor: arm, model: trusted, scope: eq, version: 1.2

Trust: 0.8

vendor: arm, model: trusted, scope: eq, version: 1.3

Trust: 0.8

sources: JVNDB: JVNDB-2016-008275 // CNNVD: CNNVD-201704-288 // NVD: CVE-2016-10319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10319
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10319
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-288
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89083
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10319
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89083
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10319
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89083 // JVNDB: JVNDB-2016-008275 // CNNVD: CNNVD-201704-288 // NVD: CVE-2016-10319

PROBLEMTYPE DATA

problemtype: CWE-190

Trust: 1.9

sources: VULHUB: VHN-89083 // JVNDB: JVNDB-2016-008275 // NVD: CVE-2016-10319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-288

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008275

PATCH

title: ARM Trusted Firmware Security Advisory TFV 1, url: https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-1

Trust: 0.8

title: ARM Trusted Firmware Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69085

Trust: 0.6

sources: JVNDB: JVNDB-2016-008275 // CNNVD: CNNVD-201704-288

EXTERNAL IDS

db: NVD, id: CVE-2016-10319

Trust: 2.5

db: JVNDB, id: JVNDB-2016-008275

Trust: 0.8

db: CNNVD, id: CNNVD-201704-288

Trust: 0.7

db: VULHUB, id: VHN-89083

Trust: 0.1

sources: VULHUB: VHN-89083 // JVNDB: JVNDB-2016-008275 // CNNVD: CNNVD-201704-288 // NVD: CVE-2016-10319

REFERENCES

url: https://github.com/arm-software/arm-trusted-firmware/wiki/arm-trusted-firmware-security-advisory-tfv-1

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10319

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-10319

Trust: 0.8

sources: VULHUB: VHN-89083 // JVNDB: JVNDB-2016-008275 // CNNVD: CNNVD-201704-288 // NVD: CVE-2016-10319

SOURCES

db: VULHUB, id: VHN-89083
db: JVNDB, id: JVNDB-2016-008275
db: CNNVD, id: CNNVD-201704-288
db: NVD, id: CVE-2016-10319

LAST UPDATE DATE

2025-04-20T23:29:44.024000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-89083, date: 2017-04-12T00:00:00
db: JVNDB, id: JVNDB-2016-008275, date: 2017-05-10T00:00:00
db: CNNVD, id: CNNVD-201704-288, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2016-10319, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-89083, date: 2017-04-06T00:00:00
db: JVNDB, id: JVNDB-2016-008275, date: 2017-05-10T00:00:00
db: CNNVD, id: CNNVD-201704-288, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2016-10319, date: 2017-04-06T15:59:00.167