Skip to main content

Trusted Firmware M

6 CVEs product

Monthly

CVE-2023-51712 MEDIUM This Month

An issue was discovered in Trusted Firmware-M through 2.0.0. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Trusted Firmware M
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-40271 HIGH POC This Week

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trusted Firmware M
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-43619 HIGH POC PATCH This Week

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Trusted Firmware M
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-40327 MEDIUM PATCH This Month

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Trusted Firmware M
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-27562 MEDIUM KEV THREAT This Month

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 51.1%.

Memory Corruption Buffer Overflow Trusted Firmware M
NVD VulDB
CVSS 3.1
5.5
EPSS
51.1%
Threat
4.1
CVE-2021-32032 HIGH POC PATCH This Week

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trusted Firmware M
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0% CVSS 4.7
MEDIUM This Month

An issue was discovered in Trusted Firmware-M through 2.0.0. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Trusted Firmware M
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trusted Firmware M
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Trusted Firmware M
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Trusted Firmware M
NVD VulDB
EPSS 51% 4.1 CVSS 5.5
MEDIUM KEV THREAT This Month

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 51.1%.

Memory Corruption Buffer Overflow Trusted Firmware M
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Trusted Firmware M
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy