Buffer overflow

2022-03-0105:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.1%

JSON

Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.

CPENameOperatorVersion
trusted_firmware-meq1.4.1
trusted_firmware-meq1.4.0

CPE	Name	Operator	Version
	trusted_firmware-m	eq	1.4.1
	trusted_firmware-m	eq	1.4.0

References

developer.arm.com/support/arm-security-updates

git.trustedfirmware.org/TF-M/trusted-firmware-m.git/

tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html

www.trustedfirmware.org