CVE-2026-45329

EPSS 0.12%
Veröffentlicht 10.06.2026 00:34:09
Zuletzt bearbeitet 11.06.2026 18:04:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Espressif ≫ Esp-idf Version5.5.4

Espressif ≫ Esp-idf Version6.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
security-advisories@github.com	7.1	2.5	4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/espressif/esp-idf/commit/145ba4c42dc8283054cfde9a1c3470db7399192f

Patch

https://github.com/espressif/esp-idf/commit/7867f4a57560bf9fc4a931e37ba02b7a3e9f406b

Patch

https://github.com/espressif/esp-idf/commit/eebabaff2fdc273b1530fe66e55fb3bcd181dfd6

Patch

https://github.com/espressif/esp-idf/security/advisories/GHSA-w82j-7q63-7pqm

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-45329

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-45329

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-45329

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-45329