CVE-2024-45551: Weak Authentication in HLOS (16-04-2025)

NVD Published Date: 04/07/2025

NVD Last Modified: 04/07/2025

Preface: Android 15 was released on September 3, 2024. Android 16, internally codenamed Baklava, was released on 2nd April 2025.

Background: The core of the Android operating system is the Android Open Source Project (AOSP), which is free and open-source software (FOSS) licensed primarily under the Apache License. However, most devices run a proprietary version of Android developed by Google, which comes pre-installed with additional proprietary, closed-source software, most notably Google Mobile Services (GMS), which includes core applications such as Google Chrome, the digital distribution platform Google Play, and the related Google Play Services development platform.

Qualcomm Android source code is divided into development source code and proprietary source code. Proprietary source code is further divided into proprietary non-HLOS software and proprietary HLOS software. HLOS is the High-level Operating System, and non-HLOS software refers to software below the HLOS layer.

Vulnerability details: Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.
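The throttling weakness described above can be modelled in a few lines. This is an added example, not Qualcomm or AOSP code: the counter store, the function names and the PIN values are hypothetical, and it contrasts counting a failure after the comparison with counting the attempt first and refusing to verify when the write is not confirmed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a replay-protected failure counter.
   drop_writes models a store whose writes never land. */
typedef struct { uint32_t failures; bool drop_writes; } counter_store;
typedef enum { V_OK, V_WRONG, V_THROTTLED, V_STORE_ERROR } verdict;
typedef verdict (*verify_fn)(counter_store *, const char *, const char *);
#define MAX_FAILURES 5u

static bool store_write(counter_store *s, uint32_t value)
{
    if (s->drop_writes) return false;
    s->failures = value;
    return true;
}

/* strcmp keeps the example short; real verifiers compare MACs in constant time. */
static bool pin_equal(const char *a, const char *b) { return strcmp(a, b) == 0; }

/* Weak ordering: the failure is counted after the comparison and the write
   result is ignored, so a dropped write leaves the attempt uncounted. */
verdict verify_count_after(counter_store *s, const char *guess, const char *pin)
{
    if (s->failures >= MAX_FAILURES) return V_THROTTLED;
    if (pin_equal(guess, pin)) { store_write(s, 0); return V_OK; }
    store_write(s, s->failures + 1);
    return V_WRONG;
}

/* Hardened ordering: count the attempt first and refuse to compare unless
   the write is confirmed; the counter is cleared only after a match. */
verdict verify_count_first(counter_store *s, const char *guess, const char *pin)
{
    if (s->failures >= MAX_FAILURES) return V_THROTTLED;
    if (!store_write(s, s->failures + 1)) return V_STORE_ERROR;
    if (!pin_equal(guess, pin)) return V_WRONG;
    store_write(s, 0);
    return V_OK;
}

/* How many of n wrong guesses received a right/wrong answer. */
int guesses_evaluated(verify_fn verify, bool drop_writes, int n)
{
    counter_store s = { 0, drop_writes };
    int evaluated = 0;
    for (int i = 0; i < n; i++)
        if (verify(&s, "0000", "4821") == V_WRONG) evaluated++;
    return evaluated;
}
```

With a healthy store both orderings stop answering after five wrong guesses; with writes dropped, only the count-first ordering still refuses to evaluate guesses.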

Official announcement: Please see the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2024-45551

CVE-2024-10929: Stay alert! Spectre-BSE affects ARM® Cortex®-A72 (revisions prior to r1p0), Cortex-A73 and Cortex-A75. (15-04-2025)

Preface: The Cortex-A75 is still being used by manufacturers today. For instance, UNISOC and MediaTek continue to incorporate Cortex-A75 cores in their chipsets.

These processors are found in various mid-range and entry-level devices, providing a balance of performance and efficiency.

Background: Branch Status Eviction (BSE) is a vulnerability related to the Spectre class of security issues. It exploits a microarchitectural mechanism that allows an attacker to gain a weak form of control over the victim’s branch history, despite existing protections. This can lead to the manipulation of indirect branches and potentially result in data exfiltration.

Vulnerability details: According to the ARM® security team, Spectre-BSE exploits a micro-architectural mechanism that equips an adversary with a weak form of control over the victim’s branch history despite existing protections.

This can lead to exploitative control of indirect branches and potentially to data exfiltration. This issue affects ARM Cortex®-A72 (revisions prior to r1p0), Cortex-A73 and Cortex-A75.

Official announcement: Please see the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-8007.html

About the mysterious mask of CVE-2025-22429 (14-4-2025)

Preface: The reason why an unparcel error involving Parcel and BaseBundle is considered a critical Common Vulnerabilities and Exposures (CVE) is due to the potential security risks it poses. Specifically, such errors can lead to: Data Corruption, Security Vulnerabilities and Denial of Service (DoS).

Background: BaseBundle.java in Android is a class that provides a mapping from String keys to values of various types. It serves as a base class for Bundle and PersistableBundle, which are more commonly used in Android development. Here are some key functions of BaseBundle:

  • Storing and retrieving data: It allows you to store various types of data (like int, boolean, String, etc.) and retrieve them using specific keys.
  • Clearing data: You can remove all elements from the mapping using the clear() method.
  • Checking for keys: The containsKey(String key) method lets you check if a particular key exists in the mapping.

In most cases, developers work directly with Bundle or PersistableBundle, which extend BaseBundle and provide additional functionalities.

Vulnerability: An unparcel error in Android, often caused by issues with Parcel and BaseBundle, can lead to several consequences.

Ref: If an attacker can manipulate the data being parceled, they might exploit the unparceling process to execute arbitrary code or gain unauthorized access to sensitive information.

Official announcement: Please refer to the link for details – https://android.googlesource.com/platform/frameworks/base/+/ece83fb425b1e912a036e9985b710910e2e3ca37

CVE-2025-21443: Memory corruption while processing message content in eAVB. (13th Apr 2025)

Preface: The Snapdragon SA8540P SoC and SA9000P AI accelerator are designed to work together seamlessly, particularly in advanced driver-assistance systems (ADAS) like GM’s Ultra Cruise. The buffer sharing design between these components is crucial for efficient data processing and low-latency performance.

Background: In Automotive Ethernet Audio Video Bridging (eAVB), processors handle the content of various types of messages to ensure efficient and reliable communication within the vehicle network.

Synchronization: eAVB ensures that audio and video streams are synchronized across different devices in the vehicle, providing a seamless infotainment experience.

Low Latency: Messages are designed to be transmitted with minimal delay, which is crucial for real-time applications like advanced driver-assistance systems (ADAS) and infotainment.

Fault Tolerance: The system is built to handle faults and ensure continuous operation even in the presence of network issues.

High Bandwidth: eAVB supports high-speed data transmission, which is necessary for handling large amounts of audio and video data.

Vulnerability details: The issue is in the Automotive Vehicle Networks technology area. Memory corruption can occur while processing message content in eAVB. The weakness is classified as Buffer Copy Without Checking Size of Input (‘Classic Buffer Overflow’).

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-21443

CVE-2025-21425: Memory corruption may occur due to improper access control in HAB process. (10th Apr 2025)

Announcement on January 6, 2022: GM and Qualcomm showcase collaboration at CES that brings first dedicated Snapdragon system-on-chips to GM’s upcoming advanced driver assistance system for fast, robust data processing.

Preface: When the Snapdragon SA8540P SoC and SA9000P AI accelerator work together, they typically use a coordinated boot process. Each component has its own firmware, but they are designed to work seamlessly together within the system.

Background: The High Assurance Boot (HAB) process is indeed located within the embedded OS environment, specifically in the normal world. It is designed to ensure that only authenticated and trusted software images are executed on the device, providing a secure boot mechanism.

Here’s a brief overview of how HAB works:

  1. Digital Signatures: HAB uses digital signatures to authenticate the initial software image. This involves creating a unique identifier (certificate) for the image using asymmetric encryption. The private key is used to encrypt the image, while the public key is attached to it.
  2. Authentication: During boot, the boot ROM uses the public key to decrypt the certificate and verify the image. If the certificate matches the image, it is considered trusted and allowed to run. Otherwise, it is rejected.
  3. Chain of Trust: HAB establishes a chain of trust for subsequent software components, such as the kernel image, ensuring that the entire system remains secure.

Vulnerability details: Improper Access Control in Automotive Linux OS. Memory corruption may occur due to improper access control in HAB process.

Technology Area – Automotive Linux OS

Vulnerability Type – CWE-284 Improper Access Control

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-21425

About: CVE-2024-0179 – SMM Callout vulnerability and CVE-2024-21925 – Improper input validation (9th April 2025)

Preface: An SMM Callout is a type of vulnerability found in System Management Mode (SMM) code. This occurs when SMM code calls a function located outside of the System Management RAM (SMRAM) boundaries. The most common scenario is when an SMI (System Management Interrupt) handler tries to invoke a UEFI boot service or runtime service as part of its operation.

This vulnerability can be exploited by attackers with OS-level privileges to modify the physical pages where these services reside, potentially hijacking the privileged execution flow.

Background: STM stands for SMI Transfer Monitor. It is a security mechanism used within the System Management Mode (SMM) of a computer’s firmware. Below are some key points about STM:

Purpose: STM is designed to monitor and control the behavior of SMM code, providing a layer of security by mediating the actions of SMM drivers.

Functionality: It acts as a hypervisor within SMM, functioning alongside the main hypervisor or operating system. STM hosts the SMI (System Management Interrupt) handler in a virtual machine, thereby restricting its access to the platform.

Security: By constraining the SMI handler, STM helps prevent potential security breaches that could undermine the integrity of the system.

Vulnerability details: CVE-2024-21925 is the result of a lack of sufficient input buffer(s) validation within the AmdPspP2CmboxV2 UEFI module. CVE-2024-0179 is an SMM (System Management Mode) Callout vulnerability within the AmdCpmDisplayFeatureSMM UEFI module. Both can allow ring-0 attackers to escalate their privileges, potentially resulting in arbitrary code execution. AMD has begun releasing firmware mitigations to fix these vulnerabilities.  
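The two weakness classes above, unvalidated input buffers and SMM callouts, come down to range checks against the SMRAM window. The following is an added example, not AMD firmware code: the SMRAM base and size, the request structure and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed SMRAM window for the example; real firmware reads it from the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL   /* 8 MiB */

/* True when [addr, addr+len) lies entirely inside SMRAM. */
static bool range_inside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || len > SMRAM_SIZE) return false;
    return addr >= SMRAM_BASE && addr - SMRAM_BASE <= SMRAM_SIZE - len;
}

/* True when [addr, addr+len) does not touch SMRAM and does not wrap around. */
static bool range_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len) return false;
    return addr + len <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

typedef enum { SMI_OK, SMI_BAD_BUFFER, SMI_BAD_CALLBACK } smi_status;

/* Hypothetical request an SMI handler receives from the OS-controlled side. */
typedef struct {
    uint64_t buffer;     /* caller-supplied data pointer */
    uint64_t length;     /* caller-supplied length */
    uint64_t callback;   /* code address the handler is about to call */
} smi_request;

/* Checks a handler makes before touching the buffer or calling the target. */
smi_status validate_smi_request(const smi_request *req)
{
    /* Input validation: the buffer must sit wholly in normal memory, so a
       ring-0 caller cannot point the handler at SMRAM contents. */
    if (!range_outside_smram(req->buffer, req->length))
        return SMI_BAD_BUFFER;
    /* Callout check: code run in SMM must live inside SMRAM, because
       anything outside it can be rewritten by the OS. */
    if (!range_inside_smram(req->callback, 1))
        return SMI_BAD_CALLBACK;
    return SMI_OK;
}
```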

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7027.html

CVE-2025-0050: Arm Mali GPU Userspace Driver could allow an Out-of-Bounds access (8th April 2025)

Preface:

A Use-After-Free (UAF) vulnerability occurs when a program continues to access memory after it has been freed. This can lead to unpredictable behavior, crashes, or even allow an attacker to execute arbitrary code. For example, if a program frees a block of memory but later tries to read or write to that memory, it can cause serious issues.

An Out-of-Bounds vulnerability happens when a program reads or writes data outside the boundaries of allocated memory. This can corrupt data, crash the program, or be exploited by attackers to execute arbitrary code. For instance, if an array has a size of 10 elements and the program tries to access the 11th element, it results in an out-of-bounds access.

Background:

GLES stands for OpenGL for Embedded Systems. It’s a subset of the OpenGL API designed for embedded devices like smartphones, tablets, and other portable devices. GLES is widely used in mobile games and applications because it provides a balance between performance and power consumption.

VK refers to Vulkan, a newer graphics API that provides high-efficiency, cross-platform access to modern GPUs. Vulkan offers more control over the GPU and lower overhead compared to OpenGL, making it suitable for high-performance applications like AAA games and real-time simulations.

Vulnerability details: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds. This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-0050

Another coincidental design flaw could have caused this vulnerability – Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

https://nvd.nist.gov/vuln/detail/cve-2024-2883

System Management Mode (SMM) does not follow best practices. The impact extends beyond the desktop to HPC as well! (7th Apr 2025)

Preface: In the realm of High Performance Computing (HPC), processors that use the x86 architecture typically support System Management Mode (SMM). This includes:

- Intel Xeon Processors: Widely used in HPC systems, Intel Xeon processors support SMM for managing system-wide tasks such as power management and hardware control.

- AMD EPYC Processors: AMD EPYC processors, including the latest generations, also support SMM. These processors are known for their high core counts and robust performance in HPC environments.

Both Intel and AMD continue to leverage SMM in their x86-based processors to ensure efficient and secure system management.

Background: SMM operates transparently to the operating system and applications, allowing it to perform these tasks without interfering with the normal operation of the system.

Under HPC architecture, a cluster of computers essentially operates as a single entity, called a node, that can accept tasks and computations as a collective.

The isolation is particularly beneficial in HPC environments where uninterrupted performance is crucial.

Technical details: System Management Mode (SMM) uses System Management RAM (SMRAM) to store and manage tasks. SMM is triggered through a System Management Interrupt (SMI), a signal sent from the chipset to the CPU. During platform initialization, the firmware configures the chipset to cause a System Management Interrupt for various events that the firmware developer would like the firmware to be made aware of.

  1. SwSmiHandler: This is the function that will handle the SMI.
  2. RegisterSmiHandler: This function registers the SMI handler with the SMM SW Dispatch protocol.
  3. UefiMain: This is the entry point of the UEFI application, which calls the registration function.

The key steps are locating the SMM SW Dispatch protocol, setting up the context for the SMI handler, and registering the handler.

Reference: Design flaw in SMM published by AMD in Feb 2025. Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4008.html

CVE-2025-3305: code projects IKUN_Library – Improper access control and incorrect privilege assignment (6th Apr 2025)

Preface: Investment banks use Spring Boot for developing microservices and REST APIs. Hospitality companies use Spring Boot for various backend services. Automotive companies use Spring Boot for configuration management and service discovery.

Background: IKUN_Library 1.0 is a library management system developed using SpringBoot and MyBatis. It provides functionalities for managing books, readers, and borrowing records. The system includes features like:

  • Basic CRUD operations (Create, Read, Update, Delete)
  • Login validation with interceptors
  • RESTful API for interface design
  • Database management using MySQL

Spring Boot is a popular framework that can be used to build a wide variety of Java applications, including: Web applications: Spring Boot is commonly used to build web applications, including REST APIs, web services, and MVC-based applications.

Vulnerability details: A vulnerability has been found in 1902756969/code-projects IKUN_Library 1.0 and classified as problematic. This vulnerability affects the function addInterceptors of the file MvcConfig.java of the component Borrow Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Official announcement: Please refer to the official announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2025-3305

About AMD Ryzen™ AI Software: CVE-2025-0014, CVE-2024-36337, CVE-2024-36336 & CVE-2024-36328 (3rd Apr 2025)

Preface: The Ryzen 7000 desktop and laptop chips were introduced in 2023. Alongside the main x86 CPU, Ryzen 7000 has a new type of coprocessor, a Neural Processing Unit (NPU), based on the XDNA™ AI Engine architecture. This new NPU is called Ryzen AI.

Background:

1. Install NPU Drivers

2. Download the NPU driver installation package NPU Driver

3. Install the NPU drivers by following these steps:

4. Extract the downloaded “NPU_RAI1.2.zip” zip file.

5. Open a terminal in administrator mode and execute the .\npu_sw_installer.exe file.

6. Ensure that the NPU MCDM driver (Version: 32.0.201.204, Date: 7/26/2024) is correctly installed by opening Device Manager -> Neural processors -> NPU Compute Accelerator Device.

Vulnerability details:

CVE-2025-0014: Incorrect default permissions on the AMD Ryzen™ AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVE-2024-36337: Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability.

CVE-2024-36328: Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability.

CVE-2024-36336: Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.

Official announcement: Please refer to the official announcement for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7037.html