Vulnerabilites related to arm - trusted_firmware-m
CVE-2023-40271 (GCVE-0-2023-40271)
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:52.418Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/releases/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:53:41.562937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:53:51.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T01:59:45.526188",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://tf-m-user-guide.trustedfirmware.org/releases/index.html"
},
{
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40271",
"datePublished": "2023-09-08T00:00:00",
"dateReserved": "2023-08-11T00:00:00",
"dateUpdated": "2024-09-26T17:53:51.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51712 (GCVE-0-2023-51712)
Vulnerability from cvelistv5
Published
2024-09-05 00:00
Modified
2025-03-25 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-51712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T22:20:34.496427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:20:45.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:33:55.996Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"url": "https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51712",
"datePublished": "2024-09-05T00:00:00.000Z",
"dateReserved": "2023-12-22T00:00:00.000Z",
"dateUpdated": "2025-03-25T16:20:45.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27562 (GCVE-0-2021-27562)
Vulnerability from cvelistv5
Published
2021-05-25 18:27
Modified
2025-07-30 01:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27562",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:42:33.875087Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27562"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:38:10.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2021-27562 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-25T18:27:20.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"name": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst",
"refsource": "CONFIRM",
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27562",
"datePublished": "2021-05-25T18:27:20.000Z",
"dateReserved": "2021-02-22T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:38:10.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43619 (GCVE-0-2021-43619)
Vulnerability from cvelistv5
Published
2022-03-01 04:31
Modified
2024-08-04 04:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://developer.arm.com/support/arm-security-updates | x_refsource_MISC | |
| https://www.trustedfirmware.org | x_refsource_MISC | |
| https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/ | x_refsource_MISC | |
| https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustedfirmware.org"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T04:31:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustedfirmware.org"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.arm.com/support/arm-security-updates",
"refsource": "MISC",
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"name": "https://www.trustedfirmware.org",
"refsource": "MISC",
"url": "https://www.trustedfirmware.org"
},
{
"name": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/",
"refsource": "MISC",
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"name": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html",
"refsource": "CONFIRM",
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43619",
"datePublished": "2022-03-01T04:31:25",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-03-01 05:15
Modified
2024-11-27 20:03
Severity ?
Summary
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://developer.arm.com/support/arm-security-updates | Vendor Advisory | |
| cve@mitre.org | https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.trustedfirmware.org | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://developer.arm.com/support/arm-security-updates | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustedfirmware.org | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | trusted_firmware-m | 1.4.0 | |
| arm | trusted_firmware-m | 1.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7466A0E8-A066-4C75-8CC2-4EB8C8D6E36B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "479959C0-3840-4C14-B549-8DD38078FD63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations."
},
{
"lang": "es",
"value": "Trusted Firmware M versiones 1.4.x hasta 1.4.1, presenta un problema de desbordamiento de b\u00fafer en la partici\u00f3n de actualizaci\u00f3n de firmware. En el modelo IPC, un llamador psa_fwu_write desde SPE o NSPE puede sobrescribir ubicaciones de memoria de la pila."
}
],
"id": "CVE-2021-43619",
"lastModified": "2024-11-27T20:03:20.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-01T05:15:07.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.trustedfirmware.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.trustedfirmware.org"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-08 02:15
Modified
2024-11-27 20:03
Severity ?
Summary
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst | Exploit, Mitigation, Technical Description, Vendor Advisory | |
| cve@mitre.org | https://tf-m-user-guide.trustedfirmware.org/releases/index.html | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst | Exploit, Mitigation, Technical Description, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tf-m-user-guide.trustedfirmware.org/releases/index.html | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | trusted_firmware-m | 1.6.0 | |
| arm | trusted_firmware-m | 1.6.1 | |
| arm | trusted_firmware-m | 1.7.0 | |
| arm | trusted_firmware-m | 1.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68F95CFE-0FA1-457B-93D0-00FD6F6B412B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6FAF32-EA55-4FB9-A7D0-AFC088CA32B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E4443C-1DB9-4160-B616-EEAB31FBB098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68188ABE-C829-4FBE-B88C-0F8D558C07EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8."
},
{
"lang": "es",
"value": "En Trusted Firmware-M hasta TF-Mv1.8.0, para plataformas que integran el acelerador CryptoCell, cuando se selecciona la Interfaz del software CryptoCell PSA Driver y se utiliza el algoritmo Cifrado Autenticado con Datos Asociados Chacha20-Poly1305, con la verificaci\u00f3n de una funci\u00f3n single-part (definida durante la fase de configuraci\u00f3n en tiempo de compilaci\u00f3n) implementada con una funci\u00f3n dedicada (es decir, que no depende del uso de funciones multipart), la comparaci\u00f3n del b\u00fafer de meoria durante la verificaci\u00f3n de la etiqueta de autenticaci\u00f3n no ocurre en los 16 bytes completos sino solo en los primeros 4 bytes, lo que genera la posibilidad de que los payloads no autenticados puedan identificarse como aut\u00e9nticas. Esto afecta a TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0 y TF-Mv1.8."
}
],
"id": "CVE-2023-40271",
"lastModified": "2024-11-27T20:03:20.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-08T02:15:08.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Vendor Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/releases/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Technical Description",
"Vendor Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://tf-m-user-guide.trustedfirmware.org/releases/index.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-25 19:15
Modified
2025-03-14 16:22
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | trusted_firmware-m | * |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Arm Trusted Firmware Out-of-Bounds Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B4BC29-D610-4699-8E7C-203B54DB7A8D",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode."
},
{
"lang": "es",
"value": "En Arm Trusted Firmware M versi\u00f3n hasta 1.2, el mundo NS puede activar una detenci\u00f3n del sistema, una sobrescritura de datos seguros o la impresi\u00f3n de datos seguros al llamar a funciones seguras en el modo de controlador NSPE"
}
],
"id": "CVE-2021-27562",
"lastModified": "2025-03-14T16:22:57.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-05-25T19:15:07.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://developer.arm.com/support/arm-security-updates"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-05 16:15
Modified
2025-03-25 17:15
Severity ?
4.7 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| arm | trusted_firmware-m | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arm:trusted_firmware-m:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF46722-6610-43EC-8368-6439707E8E50",
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Trusted Firmware-M hasta la versi\u00f3n 2.0.0. La falta de verificaci\u00f3n de argumentos en el subsistema de registro permite a los atacantes leer datos confidenciales a trav\u00e9s de la funci\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2023-51712",
"lastModified": "2025-03-25T17:15:44.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 4.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-09-05T16:15:06.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}