CVE-2021-43619

2022-03-0105:15:07

Google

osv.dev

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

CPENameOperatorVersion
trusted-firmware-m.giteq1.0-beta
trusted-firmware-m.giteqTF-Mv1.2-RC3
trusted-firmware-m.giteqTF-Mv1.2.0
trusted-firmware-m.giteqTF-Mv1.3.0
trusted-firmware-m.giteqTF-Mv1.0
trusted-firmware-m.giteqTF-Mv1.3.0-RC3
trusted-firmware-m.giteqTF-Mv1.0-RC2
trusted-firmware-m.giteqTF-Mv1.1-RC1
trusted-firmware-m.giteqTF-Mv1.1-RC2
trusted-firmware-m.giteqTF-Mv1.2-RC1

Name	Operator	Version
trusted-firmware-m.git	eq	1.0-beta
trusted-firmware-m.git	eq	TF-Mv1.2-RC3
trusted-firmware-m.git	eq	TF-Mv1.2.0
trusted-firmware-m.git	eq	TF-Mv1.3.0
trusted-firmware-m.git	eq	TF-Mv1.0
trusted-firmware-m.git	eq	TF-Mv1.3.0-RC3
trusted-firmware-m.git	eq	TF-Mv1.0-RC2
trusted-firmware-m.git	eq	TF-Mv1.1-RC1
trusted-firmware-m.git	eq	TF-Mv1.1-RC2
trusted-firmware-m.git	eq	TF-Mv1.2-RC1