CVE-2021-27562

MEDIUMCISA KEV

5.5

Descripcion

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

Detalles CVE

Puntuacion CVSS v3.15.5

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado5/25/2021

Ultima modificacion11/3/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorArm

ProductoTrusted Firmware

Nombre vulnerabilidadArm Trusted Firmware Out-of-Bounds Write Vulnerability

Fecha inclusion KEV2021-11-03

Fecha limite remediacion2021-11-17

Uso en ransomwareUnknown

Productos afectados

arm:trusted_firmware-m

Debilidades (CWE)

CWE-787CWE-787

Referencias

https://developer.arm.com/support/arm-security-updates(cve@mitre.org)

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst(cve@mitre.org)

https://developer.arm.com/support/arm-security-updates(af854a3a-2127-422b-91ae-364da2661108)

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27562(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.