3 matches found
CVE-2021-40327
Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...
Authorization
Trusted Firmware-M TF-M 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...
CVE-2021-40327
Affected software: Trusted Firmware-M (TF-M) 1.4.0, specifically when using Profile Small. Vulnerability: Incorrect access control allows NSPE to access a secure key held by the Crypto service based solely on knowledge of the key ID; there is no authorization check governing the relationship betw...