CVE-2021-32032
published 2021-05-21CVE-2021-32032: In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the…
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.77%
75.4th percentile
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trustedfirmware | trusted_firmware-m | <= 1.3.0 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
arXiv
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
arxiv_fulltext·2024-05-13
SoK: Where's the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems
[1]
hlcolorRGB20, 255, 20hlcolor
blackZiming: #1
[1]
hlcolorRGB20, 255, 20hlcolor
blackJun: #1
[1]
hlcolorRGB20, 255, 20hlcolor
blackLe: #1
[1]
hlcolorRGB255, 241, 158hlcolor
blackZheyuan: #1
[1]
hlcolorRGB255, 20, 20hlcolor
blackZQ: #1
[1]
hlcolorRGB0,32,96hlcolor
whiteXi: #1
arch
[1]
arch
#1A [2]arch. #1
bug
[1]
bug
#1B [2]bug. #1
limitation
[1]
limitation
4pt #1L [2]limitation. #1
issue
[1]
issue
4pt #1I [2]issue. #1
defense
[1]
defense
4pt #1D [2]defense. #1
test
[1]
test
T [2]-test. #1
recommendation
[1]
recommendation
4pt #1R [2]recommendation. #1
plain
[2]tabular@#1@#2tabular
* [1]
* [1] [baseline=(char.base)]
[shape=circle,draw,inner sep=2pt] (char) #1;
* [1] [baseline=(char.base)]
[shape=circle,draw,inner sep=1pt] (char) #1;
.5em
[1]picture(1,1)
0=#1 (.
arXiv
uTango: an open-source TEE for IoT devices
arxiv_fulltext·2022-02-16
uTango: an open-source TEE for IoT devices
uTango: an open-source TEE for IoT devices
Daniel Oliveira,
Tiago Gomes,
Sandro Pinto
\ ALGORITMI - University of Minho
\daniel.oliveira, mr.gomes, sandro.pinto\@dei.uminho.pt
## Abstract
Security is one of the main challenges of the Internet of Things (IoT). IoT devices are mainly powered by low-cost microcontrollers (MCUs) that typically lack basic hardware security mechanisms to separate security-critical applications from less
critical components. Recently, Arm has started to release Cortex-M MCUs enhanced with TrustZone technology (i.e., TrustZone-M), a system-wide security solution aiming at providing robust protection for IoT devices. Trusted Execution Environments (TEEs) relying on TrustZone hardware have been perceived as safe havens for securing mobile devices. However, for t
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rsthttps://www.trustedfirmware.orghttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rsthttps://www.trustedfirmware.org
2021-05-21
Published