CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-36133

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.6%

CVSS Severity

CVSS v3 Score 7.1

CVSS v2 Score 3.6

References

https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt
https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt

Products affected by CVE-2021-36133

Nxp » I.mx6sx » Version: N/A

cpe:2.3:h:nxp:i.mx6sx:-
Nxp » I.mx 6 » Version: N/A

cpe:2.3:h:nxp:i.mx_6:-
Nxp » I.mx 6solox » Version: N/A

cpe:2.3:h:nxp:i.mx_6solox:-
Nxp » I.mx 6ull » Version: N/A

cpe:2.3:h:nxp:i.mx_6ull:-
Nxp » I.mx 6ulz » Version: N/A

cpe:2.3:h:nxp:i.mx_6ulz:-
Nxp » I.mx 7ds » Version: N/A

cpe:2.3:h:nxp:i.mx_7ds:-
Linaro » Op-Tee » Version: N/A

cpe:2.3:o:linaro:op-tee:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36133

Products

Pricing

Contact Us