CNNVD-202507-3814 Information
CNNVD ID
CNNVD-202507-3814
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese)
TrustedFirmware-M是英国TrustedFirmware开源的一款微控制器的固件系统。 TrustedFirmware-M 2.1.3之前版本和2.2.1之前版本存在安全漏洞,该漏洞源于固件升级期间长度验证不足,可能导致缓冲区溢出。
Description (English)
Trusted Firmware-M is a solidware system of microcontrollers from the UK Trusted Firmware open source. There was a security loophole in previous versions of Trusted Firmware-M 2.1.3 and in previous versions of 2.2.1, which stemmed from inadequate verification of the length of the upgrade of the solids, which could lead to a spill out of the buffer zone.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
TrustedFirmware
Published
2025-07-30
Last Modified
2026-02-24
References
https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/fwu_tlv_payload_out_of_bounds_vulnerability.html https://git.trustedfirmware.org/plugins/gitiles/TF-M/trusted-firmware-m.git/+/refs/heads/main/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c#257 https://www.trustedfirmware.org/projects/tf-m/ https://access.redhat.com/security/cve/cve-2025-53022