CVE-2021-43619

Опубликовано: 01 мар. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

Ссылки

https://developer.arm.com/support/arm-security-updates
Vendor Advisory
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
Patch
Third Party Advisory
https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html
Exploit
Patch
Third Party Advisory
https://www.trustedfirmware.org
Product
https://developer.arm.com/support/arm-security-updates
Vendor Advisory
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
Patch
Third Party Advisory
https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html
Exploit
Patch
Third Party Advisory
https://www.trustedfirmware.org
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:arm:trusted_firmware-m:1.4.0:*:*:*:*:*:*:*

cpe:2.3:o:arm:trusted_firmware-m:1.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00172

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-w8p4-6wv2-jvj3