Skip to main content

Op Tee CVE-2021-36133

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2021-12-07 cve@mitre.org
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 07, 2021 - 21:15 cve.org
HIGH 7.1

DescriptionCVE.org

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

AnalysisAI

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. Affected products include: Trustedfirmware Op-Tee.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

More in Op Tee

View all
CVE-2022-46152 HIGH POC
8.2 Nov 29

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high sever

CVE-2023-41325 HIGH POC
7.4 Sep 15

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte

CVE-2019-1010298 CRITICAL
9.8 Jul 15

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera

CVE-2022-47549 MEDIUM POC
6.4 Dec 19

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TE

CVE-2019-1010297 CRITICAL
9.8 Jul 15

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera

CVE-2019-1010296 CRITICAL
9.8 Jul 15

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera

CVE-2019-1010295 CRITICAL
9.8 Jul 15

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera

CVE-2019-1010292 CRITICAL
9.8 Jul 16

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this v

CVE-2019-1010293 CRITICAL
9.8 Jul 15

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulne

CVE-2019-25052 CRITICAL
9.1 Aug 11

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptogr

CVE-2018-12437 MEDIUM POC
4.9 Jun 15

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden N

CVE-2021-44149 HIGH
7.8 Dec 07

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Rated high severity (CVSS 7.8), this vulne

Share

CVE-2021-36133 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy