CVE-2023-51712
- EPSS 0.29%
- Veröffentlicht 05.09.2024 16:15:06
- Zuletzt bearbeitet 05.06.2026 20:07:06
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
CVE-2023-40271
- EPSS 0.32%
- Veröffentlicht 08.09.2023 02:15:08
- Zuletzt bearbeitet 05.06.2026 20:07:06
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is use...
CVE-2021-43619
- EPSS 0.41%
- Veröffentlicht 01.03.2022 05:15:07
- Zuletzt bearbeitet 05.06.2026 20:07:06
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVE-2021-40327
- EPSS 1.19%
- Veröffentlicht 13.01.2022 16:15:07
- Zuletzt bearbeitet 05.06.2026 20:36:28
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with...
CVE-2021-27562
- EPSS 3.09%
- Veröffentlicht 25.05.2021 19:15:07
- Zuletzt bearbeitet 05.06.2026 20:07:06
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
CVE-2021-32032
- EPSS 1.77%
- Veröffentlicht 21.05.2021 04:15:08
- Zuletzt bearbeitet 08.06.2026 12:37:51
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, caus...