Trustedfirmware Trusted Firmware-M vulnerabilities
6 known vulnerabilities affecting trustedfirmware/trusted_firmware-m.
Total CVEs: 6
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 3, MEDIUM 3
Vulnerabilities
CVE-2021-27562 | P2 | MEDIUM | CVSS 5.5 | KEV | CWE-787 | ≤ 1.2.0 | 2021-05-25
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
nvd
CVE-2023-40271 | P3 | HIGH | CVSS 7.5 | CWE-697 | v1.6.0, v1.6.1, +2 more | 2023-09-08
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) imple
nvd
CVE-2021-43619 | P3 | HIGH | CVSS 7.8 | CWE-120 | v1.4.0, v1.4.1 | 2022-03-01
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
nvd
CVE-2021-32032 | P3 | HIGH | CVSS 7.5 | CWE-401 | ≤ 1.3.0 | 2021-05-21
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
nvd
CVE-2021-40327 | P4 | MEDIUM | CVSS 5.9 | CWE-862 | v1.4.0 | 2022-01-13
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner.
nvd
CVE-2023-51712 | P4 | MEDIUM | CVSS 4.7 | ≤ 2.0.0 | 2024-09-05
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
nvd