Vulnerability Details: CVE-2021-27562
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-27562
- cpe:2.3:o:arm:trusted_firmware_m:*:*:*:*:*:*:*:*
CVE-2021-27562 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Arm Trusted Firmware Out-of-Bounds Write Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Ye
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-27562
Added on: 2021-11-03
Action due date: 2021-11-17
Exploit prediction scoring system (EPSS) score for CVE-2021-27562
- 95.41%: Probability of exploitation activity in the next 30 days
- ~ 99%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-27562
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2021-27562
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-27562
- https://developer.arm.com/support/arm-security-updates
  Arm Security Updates – Arm Developer (Vendor Advisory)
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
  svc_caller_sp_fetching_vulnerability.rst « security_advisories « security « docs - trusted-firmware-m.git - Trusted Firmware for M profile Arm CPUs (Third Party Advisory)