How severe is CVE-2018-18068?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2018-18068?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2018-18068 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3.

Related Vulnerabilities

CVE-2008-7291

CRITICAL

CVSS:9.8(Critical)

gri before 2.12.18 generates temporary files in an insecure way.

CWE-6682008

CVE-2017-18129

CRITICAL

CVSS:9.8(Critical)

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelera...

CWE-6682017

CVE-2018-7072

CRITICAL

CVSS:9.8(Critical)

A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24.

CWE-6682018

CVE-2018-7846

CRITICAL

CVSS:9.8(Critical)

A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauth...

CWE-6682018

CVE-2019-10781

CRITICAL

CVSS:9.8(Critical)

In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector.

CWE-6682019

CVE-2019-19015

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connect...

CWE-6682019