CVE-2021-27562
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
En Arm Trusted Firmware M versión hasta 1.2, el mundo NS puede activar una detención del sistema, una sobrescritura de datos seguros o la impresión de datos seguros al llamar a funciones seguras en el modo de controlador NSPE
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-22 CVE Reserved
- 2021-05-25 CVE Published
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-03-05 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://developer.arm.com/support/arm-security-updates | 2021-06-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Arm Search vendor "Arm" | Trusted Firmware M Search vendor "Arm" for product "Trusted Firmware M" | <= 1.2 Search vendor "Arm" for product "Trusted Firmware M" and version " <= 1.2" | - |
Affected
| in | Arm Search vendor "Arm" | Trusted Firmware M Search vendor "Arm" for product "Trusted Firmware M" | - | - |
Safe
|