
CVE-2023-51712
https://notcve.org/view.php?id=CVE-2023-51712
05 Sep 2024 — An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git •

CVE-2023-40271
https://notcve.org/view.php?id=CVE-2023-40271
08 Sep 2023 — In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag d... • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst • CWE-697: Incorrect Comparison •

CVE-2021-43619
https://notcve.org/view.php?id=CVE-2021-43619
01 Mar 2022 — Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. • https://developer.arm.com/support/arm-security-updates • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2021-27562 – Arm Trusted Firmware Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-27562
25 May 2021 — In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-... • https://developer.arm.com/support/arm-security-updates • CWE-787: Out-of-bounds Write •