Описание
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
Ссылки
- Release NotesThird Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.15.0 (включая)
Одновременно
cpe:2.3:o:linaro:op-tee:*:*:*:*:*:*:*:*
cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.8
debian
около 4 лет назад
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...
EPSS
Процентиль: 21%
0.00067
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
NVD-CWE-Other