CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-32032

In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
https://www.trustedfirmware.org
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/crypto_multi_part_ops_abort_fail.rst
https://www.trustedfirmware.org

Products affected by CVE-2021-32032

Linaro » Trusted Firmware-M » Version: N/A

cpe:2.3:a:linaro:trusted_firmware-m:-
Linaro » Trusted Firmware-M » Version: 1.0

cpe:2.3:a:linaro:trusted_firmware-m:1.0
Linaro » Trusted Firmware-M » Version: 1.1

cpe:2.3:a:linaro:trusted_firmware-m:1.1
Linaro » Trusted Firmware-M » Version: 1.2.0

cpe:2.3:a:linaro:trusted_firmware-m:1.2.0
Linaro » Trusted Firmware-M » Version: 1.3.0

cpe:2.3:a:linaro:trusted_firmware-m:1.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-32032

Products

Pricing

Contact Us