Описание
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx_7ds:-:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx6sx:-:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00055
Низкий
7.1 High
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 7.1
ubuntu
около 4 лет назад
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVSS3: 7.1
debian
около 4 лет назад
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...
EPSS
Процентиль: 17%
0.00055
Низкий
7.1 High
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-732