Search Results (78 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36133 2 Nxp, Trustedfirmware 7 I.mx6sx, I.mx 6, I.mx 6solox and 4 more 2026-06-05 7.1 High
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2021-44149 2 Nxp, Trustedfirmware 2 I.mx 6ultralite, Op-tee 2026-06-05 7.8 High
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
CVE-2022-47549 1 Trustedfirmware 1 Op-tee 2026-06-05 6.4 Medium
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
CVE-2023-41325 1 Trustedfirmware 1 Op-tee 2026-06-05 7.4 High
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.
CVE-2026-45702 2 Op-tee, Trustedfirmware 2 Op-tee Os, Op-tee 2026-06-05 4.4 Medium
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFA_MEM_SHARE request from the normal world. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with `CFG_CORE_SEL1_SPMC=y` and `CFG_SECURE_PARTITION=y`. Version 4.11.0 fixes the issue.
CVE-2023-51712 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 4.7 Medium
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
CVE-2023-40271 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 7.5 High
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
CVE-2021-43619 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 7.8 High
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVE-2021-27562 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 5.5 Medium
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
CVE-2022-47630 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.4 High
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
CVE-2023-31339 2 Amd, Trustedfirmware 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more 2026-06-05 4.8 Medium
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVE-2017-9607 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.0 High
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
CVE-2018-19440 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 5.3 Medium
ARM Trusted Firmware-A allows information disclosure.
CVE-2017-15031 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.5 High
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2026-34871 3 Arm, Mbed-tls, Trustedfirmware 4 Mbed Tls, Mbedtls, Tf-psa-crypto and 1 more 2026-06-05 6.7 Medium
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
CVE-2026-34875 2 Mbed-tls, Trustedfirmware 4 Mbedtls, Tf-psa-crypto, Mbed Tls and 1 more 2026-06-05 9.8 Critical
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2026-25835 3 Arm, Mbed-tls, Trustedfirmware 5 Mbed Tls, Mbedtls, Tf-psa-crypto and 2 more 2026-06-05 7.7 High
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2023-43615 4 Arm, Fedoraproject, Mbed and 1 more 4 Mbed Tls, Fedora, Mbedtls and 1 more 2026-06-05 7.5 High
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2023-45199 2 Mbed, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 9.8 Critical
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2024-23170 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 5.5 Medium
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.