CVE-2024-10929 Overview
CVE-2024-10929 affects Arm Cortex-A57, Cortex-A72 (revisions before r1p0), Cortex-A73, and Cortex-A75 processors. The vulnerability allows a local adversary to gain a weak form of control over the victim's branch history under certain circumstances. Arm has documented the issue as part of the Spectre-BSE (Branch History Speculation) class of microarchitectural side-channel weaknesses. The flaw is classified under [CWE-203] (Observable Discrepancy) and enables information disclosure through speculative execution side effects. Exploitation requires local access and low attack complexity, with no privileges or user interaction required.
Critical Impact
A local attacker can influence branch history state on affected Cortex-A cores, enabling speculative execution side-channel attacks that may leak sensitive data across security boundaries.
Affected Products
- Arm Cortex-A57 (hardware and firmware)
- Arm Cortex-A72 revisions before r1p0 (hardware and firmware)
- Arm Cortex-A73 and Cortex-A75 (hardware and firmware)
Discovery Timeline
- 2025-01-22 - CVE-2024-10929 published to NVD
- 2025-12-18 - Last updated in NVD database
Technical Details for CVE-2024-10929
Vulnerability Analysis
The vulnerability is a microarchitectural side-channel issue in the branch prediction logic of affected Arm Cortex-A cores. Arm tracks the issue under the Spectre-BSE designation, indicating it relates to Branch History Speculation. An attacker with local code execution on the same physical core can manipulate branch history state observed by a victim context. This influence over branch prediction enables transient execution attacks that bypass software isolation boundaries. The result is partial leakage of confidential data such as memory contents from a more privileged context.
Root Cause
The root cause is the sharing of branch history structures across security domains without sufficient isolation. Affected Cortex-A57, Cortex-A72 (pre-r1p0), Cortex-A73, and Cortex-A75 designs allow branch history entries trained in one context to influence speculative execution in another. This is an observable discrepancy weakness [CWE-203] in which microarchitectural state acts as a covert channel.
Attack Vector
Exploitation requires the attacker to execute code locally on the target system. The attacker primes branch history structures with chosen patterns that steer speculative execution in the victim. By measuring secondary effects such as cache timing, the attacker reconstructs values accessed during transient execution. No user interaction or elevated privileges are required to mount the attack.
No verified public proof-of-concept code is available for this specific CVE. See the ARM Security Center: Spectre BSE advisory for Arm's technical analysis and mitigation guidance.
Detection Methods for CVE-2024-10929
Indicators of Compromise
- No file-based or network-based indicators exist because exploitation is microarchitectural and leaves no persistent artifacts.
- Unexplained local processes performing tight timing loops or repeated indirect branches may indicate side-channel probing.
- Workloads exhibiting abnormal cache miss patterns or perf counter spikes on branch misprediction events warrant investigation.
Detection Strategies
- Monitor for unauthorized native code execution on devices powered by affected Cortex-A cores, including embedded and mobile systems.
- Deploy behavioral endpoint analytics to flag processes that combine high-resolution timers with speculative-execution gadget patterns.
- Track firmware and microcode versions across the fleet to identify systems missing Arm-recommended mitigations.
Monitoring Recommendations
- Audit kernel and hypervisor logs for repeated context switches initiated by unprivileged processes targeting sensitive workloads.
- Correlate hardware performance counter telemetry with process execution to surface anomalous branch predictor activity.
- Maintain inventory of devices using Cortex-A57, Cortex-A72 pre-r1p0, Cortex-A73, and Cortex-A75 silicon for targeted patch tracking.
How to Mitigate CVE-2024-10929
Immediate Actions Required
- Apply firmware, microcode, and operating system updates from device vendors that incorporate Arm's Spectre-BSE mitigations.
- Restrict local code execution by enforcing application allowlisting and limiting untrusted multi-tenant workloads on affected hardware.
- Prioritize patching for systems running sensitive workloads such as cryptographic services, hypervisors, and identity providers.
Patch Information
Refer to the ARM Security Center: Spectre BSE advisory for the authoritative list of mitigations. Operating system and silicon vendors integrate Arm's guidance into kernel-level branch history clearing routines and updated firmware images. Apply vendor-supplied patches for the Linux kernel, hypervisors, and platform firmware on all affected devices.
Workarounds
- Enable kernel-level Spectre mitigations such as branch history clearing on context switch where supported by the operating system.
- Disable simultaneous execution of untrusted code alongside sensitive workloads on the same physical core.
- Isolate high-value workloads onto hardware that is not affected by Spectre-BSE when patches cannot be applied.
# Verify Spectre mitigation status on Linux systems with affected Cortex-A cores
cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
# Inspect CPU implementer and part numbers to confirm affected silicon
cat /proc/cpuinfo | grep -E 'CPU implementer|CPU part|CPU variant'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
