PT-2023-27353 · Unknown · Trusted Firmware-M+1
Published 2023-09-07 · Updated 2024-11-27 · CVE-2023-40271
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Trusted Firmware-M versions TF-Mv1.6.0 through TF-Mv1.8.0
Description
The issue arises when the CryptoCell PSA driver software interface is selected and the Authenticated Encryption with Associated Data (AEAD) algorithm ChaCha20-Poly1305 is used. In this scenario, the buffer comparison performed while verifying the authentication tag does not cover the full 16 bytes of the tag but only its first 4 bytes. As a result, an unauthenticated payload whose tag agrees with the expected tag in only those first 4 bytes may be accepted as authentic.
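To make the defect concrete, the following added example (not TF-M or CryptoCell code; the function names, the tag bytes and the helper `defect_observable` are constructed for illustration) places a tag check that compares only the first 4 bytes next to a hardened check that compares all 16 bytes in constant time, and shows that only the truncated check accepts a tag that matches the expected one in its 4-byte prefix alone.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define POLY1305_TAG_LEN 16

/* Illustrative model of the defect described above: only the first 4 bytes
 * of the computed and received tags are compared. Constructed for this
 * example; it is not the TF-M or CryptoCell source. */
int tag_verify_truncated(const uint8_t computed[POLY1305_TAG_LEN],
                         const uint8_t *received, size_t received_len)
{
    if (received_len != POLY1305_TAG_LEN) return 0;
    return memcmp(computed, received, 4) == 0;   /* should be POLY1305_TAG_LEN */
}

/* Hardened form: compare the full 16-byte tag, accumulating differences with
 * XOR/OR so every byte is checked and no early exit leaks which byte differed. */
int tag_verify_full(const uint8_t computed[POLY1305_TAG_LEN],
                    const uint8_t *received, size_t received_len)
{
    uint8_t diff = 0;
    if (received_len != POLY1305_TAG_LEN) return 0;
    for (size_t i = 0; i < POLY1305_TAG_LEN; i++)
        diff |= (uint8_t)(computed[i] ^ received[i]);
    return diff == 0;
}

/* Constructed sample values: the tag the decryptor computes over the message,
 * and a received tag that agrees with it only in the first 4 bytes. */
const uint8_t k_computed_tag[POLY1305_TAG_LEN] = {
    0xa8,0x06,0x1d,0xc1, 0x30,0x51,0x36,0xc6, 0xc2,0x2b,0x8b,0xaf, 0x0c,0x01,0x27,0xa9 };
const uint8_t k_prefix_only_tag[POLY1305_TAG_LEN] = {
    0xa8,0x06,0x1d,0xc1, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00 };

/* Returns 1 when the truncated check accepts the prefix-only tag that the
 * full check rejects, i.e. when the defect is observable on the sample. */
int defect_observable(void)
{
    int truncated = tag_verify_truncated(k_computed_tag, k_prefix_only_tag, POLY1305_TAG_LEN);
    int full      = tag_verify_full(k_computed_tag, k_prefix_only_tag, POLY1305_TAG_LEN);
    return truncated == 1 && full == 0;
}

int main(void)
{
    printf("truncated compare accepts prefix-only tag: %d\n",
           tag_verify_truncated(k_computed_tag, k_prefix_only_tag, POLY1305_TAG_LEN));
    printf("full compare accepts prefix-only tag:      %d\n",
           tag_verify_full(k_computed_tag, k_prefix_only_tag, POLY1305_TAG_LEN));
    return 0;
}
```

A test that feeds a tag differing only beyond the fourth byte, like the one above, is a cheap regression check for any AEAD driver wrapper.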
Recommendations
For Trusted Firmware-M versions TF-Mv1.6.0 through TF-Mv1.8.0, consider updating to a version that fixes this issue, since the current implementation can accept unauthenticated payloads as authentic because the authentication tag comparison is incomplete.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
CryptoCell PSA Driver
Trusted Firmware-M