Arm Cortex and Neoverse CPUs Data Memory-Dependent Prefetch Engine Vulnerability Allowing Privileged Data Access

A vulnerability exists in certain Arm-based CPUs, including Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V2, Neoverse V3, and Neoverse V3AE. This vulnerability allows an unprivileged context to manipulate the data memory-dependent prefetch engine into fetching contents from privileged locations, which are normally inaccessible. The prefetched data can be consumed as addresses that are dereferenced, potentially leading to unauthorized access or exploitation.

Impact

Exploitation of this vulnerability could allow an unprivileged context to access and dereference privileged data, creating a risk of unauthorized information exposure or manipulation.

Remediation

Arm recommends disabling the affected prefetcher via a specific CPU control register. Updates to Trusted Firmware-A are available to implement this change. For systems that have not yet received the firmware patch, enabling Kernel Page Table Isolation (KPTI) can provide protection against this vulnerability.