ARM Cortex-A72/Cortex-A73/Cortex-A75 prior r1p0 information exposure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in ARM Cortex-A72, Cortex-A73 and Cortex-A75. Affected by this issue is some unknown functionality. Executing a manipulation can lead to an unknown weakness. The identification of this vulnerability is CVE-2024-10929. There is no exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in ARM Cortex-A72, Cortex-A73 and Cortex-A75. It has been declared as problematic. The CWE definition for the vulnerability is CWE-203. The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. The impact remains unknown. CVE summarizes:
In certain circumstances, an issue in Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.
The advisory is available at developer.arm.com. This vulnerability was named CVE-2024-10929 since 11/06/2024. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.
The vulnerability scanner Nessus provides a plugin with the ID 214925 (Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-062)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version r1p0 eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (214925) and EUVD (EUVD-2024-33601). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Information exposureCWE: CWE-203 / CWE-200 / CWE-284
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 214925
Nessus Name: Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-062)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Cortex-A72/Cortex-A73/Cortex-A75 r1p0
Timeline
11/06/2024 🔍01/22/2025 🔍
01/22/2025 🔍
12/18/2025 🔍
Sources
Advisory: developer.arm.comStatus: Confirmed
CVE: CVE-2024-10929 (🔍)
GCVE (CVE): GCVE-0-2024-10929
GCVE (VulDB): GCVE-100-293074
EUVD: 🔍
Entry
Created: 01/22/2025 17:43Updated: 12/18/2025 23:50
Changes: 01/22/2025 17:43 (51), 02/04/2025 12:49 (2), 07/22/2025 14:25 (1), 07/22/2025 15:36 (1), 12/18/2025 23:50 (3)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.