Login Sign Up

CVE-2024-11863

5.3 MEDIUM
Denial of Service

📋 TL;DR

CVE-2024-11863 is a denial-of-service vulnerability in ARM SCP-Firmware where specially crafted SCMI messages can cause a Usage Fault and crash the System Control Processor. This affects systems using ARM SCP-Firmware up to version 2.15.0, potentially impacting embedded devices, servers, and IoT devices with ARM-based processors.

💻 Affected Systems

Products:
  • ARM SCP-Firmware
Versions: Up to and including version 2.15.0
Operating Systems: Embedded systems with ARM processors
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using ARM System Control Processor firmware. Typically found in servers, embedded devices, and IoT platforms.

📦 What is this software?

Scp Firmware by Arm

View all CVEs affecting Scp Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete SCP crash leading to system instability, loss of power/thermal management, and potential denial-of-service for the entire system.

🟠

Likely Case

System instability requiring reboot, temporary loss of power/thermal management functions, and potential service disruption.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized SCMI message injection.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: MEDIUM with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send crafted SCMI messages to the SCP, typically requiring some level of system access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SCP-Firmware release after 2.15.0

Vendor Advisory: https://developer.arm.com/Arm%20Security%20Center/SCP-Firmware%20Vulnerability%20CVE-2024-11863-11864

Restart Required: Yes

Instructions:

1. Check current SCP-Firmware version. 2. Obtain updated firmware from ARM or device manufacturer. 3. Apply firmware update following vendor instructions. 4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Restrict SCMI Access

all

Limit which processes/users can send SCMI messages to the SCP

# Implementation varies by system - consult vendor documentation

Network Segmentation

all

Isolate systems with vulnerable SCP-Firmware from untrusted networks

# Use firewall rules to restrict access to SCP management interfaces

🧯 If You Can't Patch

  • Implement strict access controls to prevent unauthorized SCMI message injection
  • Monitor system logs for SCP crashes or unusual SCMI message patterns

🔍 How to Verify

Check if Vulnerable:

Check SCP-Firmware version via vendor-specific commands or system documentation

Check Version:

# Command varies by platform - consult vendor documentation

Verify Fix Applied:

Verify SCP-Firmware version is greater than 2.15.0 and test system stability

📡 Detection & Monitoring

Log Indicators:

  • SCP crash logs
  • Usage Fault errors
  • Unexpected SCMI message patterns

Network Indicators:

  • Unusual SCMI traffic patterns
  • Multiple SCMI messages from single source

SIEM Query:

Example: 'event_type:scp_crash OR error_message:"Usage Fault"'

📊 Metadata

CVE ID: CVE-2024-11863
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-755
EPSS Score: 0.14% exploit probability (34.2th percentile)
Published: January 14, 2025
Last Updated: December 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11863, you might also want to check these:

CVE-2022-48328 9.8

This vulnerability in MISP (Malware Information Sharing Platform) allows SQL injection through misha...

Same vulnerability type (CWE-755)
CVE-2021-43272 9.8

This vulnerability allows remote code execution through malicious DWF files in Open Design Alliance ...

Same vulnerability type (CWE-755)
CVE-2022-23121 9.8

CVE-2022-23121 is a critical remote code execution vulnerability in Netatalk's AppleDouble parsing f...

Same vulnerability type (CWE-755)