PT-2022-11874 · Unknown · Trusted Firmware-M
Published: 2022-03-01 · Updated: 2024-11-27
CVE-2021-43619
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trusted Firmware M versions 1.4.x through 1.4.1
Description
The issue is a buffer overflow in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
Recommendations
For Trusted Firmware M versions 1.4.x through 1.4.1, consider disabling the psa_fwu_write caller from SPE or NSPE as a temporary workaround until a patch is available. Restrict access to the Firmware Update partition to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Trusted Firmware-M