CVE-2021-43619 Information

Description

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html https://www.trustedfirmware.org https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/ https://developer.arm.com/support/arm-security-updates

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8