LAYER: meta-xilinx-core
PACKAGE NAME: trusted-firmware-a
PACKAGE VERSION: 2.14.0-xilinx-v2026.1
CVE: CVE-2016-10319
CVE STATUS: Patched
CVE SUMMARY: In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2016-10319

LAYER: meta-xilinx-core
PACKAGE NAME: trusted-firmware-a
PACKAGE VERSION: 2.14.0-xilinx-v2026.1
CVE: CVE-2017-7563
CVE STATUS: Patched
CVE SUMMARY: In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
CVSS v2 BASE SCORE: 6.8
CVSS v3 BASE SCORE: 8.1
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7563

LAYER: meta-xilinx-core
PACKAGE NAME: trusted-firmware-a
PACKAGE VERSION: 2.14.0-xilinx-v2026.1
CVE: CVE-2017-7564
CVE STATUS: Patched
CVE SUMMARY: In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-7564