CVE-2021-44149

Name of the Vulnerable Software and Affected Versions: Trusted Firmware OP-TEE Trusted OS versions through 3.15.0

Description: An issue in the OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers. This results in TrustZone bypass, allowing the NonSecure World to perform arbitrary memory read/write operations on Secure World memory. The issue involves a v cycle.

Recommendations: For versions through 3.15.0, consider disabling the CSU driver for NXP i.MX6UL SoC devices as a temporary workaround until a patch is available. Restrict access to the Secure World memory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.