CVE-2023-40271

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function...

CVE-2021-40327

Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...

Authorization

Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...

CVE-2021-40327

Affected software: Trusted Firmware-M (TF-M) 1.4.0, specifically when using Profile Small. Vulnerability: Incorrect access control allows NSPE to access a secure key held by the Crypto service based solely on knowledge of the key ID; there is no authorization check governing the relationship betw...

CVE-2021-32032

Trusted Firmware-M (TF-M) up to version 1.3.0 is affected by CVE-2021-32032. The issue arises when cleaning up memory for a multi-part cryptographic operation after a failure: the abort() path in the cryptographic library may fail to free internal resources, causing a memory leak. The CVE entry n...