Vulnerability Details CVE-2021-27562
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.699
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.9
Proposed Action
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.
Ransomware Campaign
Unknown
References
- https://developer.arm.com/support/arm-security-updates
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
- https://developer.arm.com/support/arm-security-updates
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
Products affected by CVE-2021-27562
-
cpe:2.3:o:arm:trusted_firmware-m:1.0
-
cpe:2.3:o:arm:trusted_firmware-m:1.1
-
cpe:2.3:o:arm:trusted_firmware-m:1.2.0