Johannes Willbold

Researcher from fuzzware.io
#24866 of 53,633
9.8 Total CVSS
Vulnerabilities · 1
PT-2024-31745
9.8
2024-10-09
Unknown · Trusted Firmware-M · CVE-2024-45746
Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.1.0

Description: An issue was discovered where user-provided mailbox messages contain a pointer to a list of input arguments (`in_vec`) and output arguments (`out_vec`) that are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated, allowing an attacker to write anywhere in the secure firmware. This can be used to take over the control flow, leading to remote code execution (RCE).

Recommendations: For versions through 2.1.0, update to the latest release to mitigate risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.