Primary

Context

Arm SCP-Firmware Usage Fault Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Arm SCP-Firmware versions through 2.15.0. The issue arises when specifically crafted SCMI messages are sent to an SCP, potentially leading to a Usage Fault and causing the SCP to crash.

Impact

Exploitation of this vulnerability causes the System Control Processor to crash, leading to a denial-of-service condition.

Remediation

Users are advised to upgrade to a version later than 2.15.0 or to integrate the fixes available in commits d4c1a05d and 194d97ca as soon as possible.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Arm SCP-Firmware Usage Fault Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating