CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44149
https://notcve.org/view.php?id=CVE-2021-44149
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. Se ha detectado un problema en Trusted Firmware OP-TEE Trusted OS versiones hasta 3.15.0. El controlador CSU de OPTEE-OS para los dispositivos SoC NXP i.MX6UL carece de la configuración de acceso de seguridad para los registros relacionados con el wakeup, resultando en una omisión de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones de lectura/escritura de memoria arbitrarias en la memoria del Mundo Seguro. • https://github.com/OP-TEE/optee_os/tags https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txt •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-36133
https://notcve.org/view.php?id=CVE-2021-36133
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuración de acceso de seguridad para varios modelos, resultando en una omisión de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arbitrarias de lectura/escritura de memoria en la memoria del Mundo Seguro. Esto implica un periférico con capacidad DMA • https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25052
https://notcve.org/view.php?id=CVE-2019-25052
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. En Linaro OP-TEE versiones anteriores a 3.7.0, al usar datos inconsistentes o malformados, es posible llamar a funciones criptográficas de actualización y finalización directamente, causando un bloqueo que podría filtrar información confidencial • https://github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6 https://github.com/OP-TEE/optee_os/security/advisories/GHSA-pgwr-qmgh-vhmf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32032
https://notcve.org/view.php?id=CVE-2021-32032
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. En Trusted Firmware-M hasta la versión 1.3.0, limpiar la memoria asignada para una operación criptográfica de varias partes (en caso de fallo) puede impedir que la operación abort() en la biblioteca criptográfica asociada libere recursos internos, causando un filtrado de la memoria • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9 https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst https://www.trustedfirmware.org • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13799
https://notcve.org/view.php?id=CVE-2020-13799
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. Western Digital ha identificado una vulnerabilidad de seguridad en el protocolo Replay Protected Memory Block (RPMB), tal como se especifica en múltiples estándares para interfaces de dispositivos de almacenamiento, incluyendo todas las versiones de eMMC, UFS y NVMe. El protocolo RPMB está especificado por los organismos de estándares de la industria y es implementado por los dispositivos de almacenamiento de múltiples proveedores para ayudar a los sistemas anfitriones a asegurar un firmware confiable. • https://www.kb.cert.org/vuls/id/231329 https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications • CWE-294: Authentication Bypass by Capture-replay •