Search Results (78 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36133 2 Nxp, Trustedfirmware 7 I.mx6sx, I.mx 6, I.mx 6solox and 4 more 2026-06-05 7.1 High
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2019-1010294 1 Trustedfirmware 1 Op-tee 2026-06-05 N/A
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2019-1010295 1 Trustedfirmware 1 Op-tee 2026-06-05 N/A
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2020-13799 2 Trustedfirmware, Westerndigital 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more 2026-06-05 6.8 Medium
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
CVE-2019-1010292 1 Trustedfirmware 1 Op-tee 2026-06-05 N/A
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
CVE-2021-27562 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 5.5 Medium
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
CVE-2023-51712 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 4.7 Medium
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
CVE-2021-43619 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 7.8 High
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVE-2023-40271 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 7.5 High
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
CVE-2023-31339 2 Amd, Trustedfirmware 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more 2026-06-05 4.8 Medium
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVE-2018-19440 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 5.3 Medium
ARM Trusted Firmware-A allows information disclosure.
CVE-2017-9607 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.0 High
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
CVE-2022-47630 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.4 High
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
CVE-2017-15031 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.5 High
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2026-34871 3 Arm, Mbed-tls, Trustedfirmware 4 Mbed Tls, Mbedtls, Tf-psa-crypto and 1 more 2026-06-05 6.7 Medium
An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
CVE-2026-34875 2 Mbed-tls, Trustedfirmware 4 Mbedtls, Tf-psa-crypto, Mbed Tls and 1 more 2026-06-05 9.8 Critical
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2026-25835 3 Arm, Mbed-tls, Trustedfirmware 5 Mbed Tls, Mbedtls, Tf-psa-crypto and 2 more 2026-06-05 7.7 High
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2018-19608 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 N/A
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2019-16910 4 Arm, Debian, Fedoraproject and 1 more 5 Mbed Crypto, Mbed Tls, Debian Linux and 2 more 2026-06-05 5.3 Medium
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
CVE-2026-34876 2 Mbed-tls, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 7.5 High
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.