CVE-2021-43619

moderate-risk
Published 2022-03-01

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

Do I need to act?

-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Arm

References (8)

Vendor Advisory https://developer.arm.com/support/arm-security-updates
Patch https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
Exploit https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fw...
Product https://www.trustedfirmware.org
Vendor Advisory https://developer.arm.com/support/arm-security-updates
Patch https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/
Exploit https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fw...
Product https://www.trustedfirmware.org
32
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 7/34 · Low