CVE-2021-44149 — Optee-os vulnerability

2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 79.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linaro Op-tee Debian Optee-os

Timeline

PublishedDec 7

Description

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶debiandebian/optee-os

▶NVDlinaro/op-tee3.15.0

📋Vendor Advisories

Debian

CVE-2021-44149: optee-os - An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Th...↗2021

▶