Trusted Firmware M
CVE-2021-27562
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
AnalysisAI
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 51.1%.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. Affected products include: Trustedfirmware Trusted Firmware-M. Version information: through 1.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Trusted Firmware M
View allTrusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. Rated high severity
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the e
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell P
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. Rated medium severity (CVSS 5
An issue was discovered in Trusted Firmware-M through 2.0.0. Rated medium severity (CVSS 4.7). No vendor patch available
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today