CVE-2021-27562

Name of the Vulnerable Software and Affected Versions Arm Trusted Firmware-M versions M through 1.2

Description The issue is related to an out-of-bounds write in the implementation of the NSPE (Non-secure Processing Environment) mode in Arm Trusted Firmware-M. This can cause a system halt, overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. The vulnerability may allow an attacker to cause a denial of service or gain unauthorized access to protected information.

Recommendations For Arm Trusted Firmware-M versions M through 1.2, as a temporary workaround, consider restricting access to secure functions under the NSPE handler mode until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.