本ページは trustedfirmware trusted_firmware-m に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-51712 | An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | [email protected] | 4.7 | 0.29% | 2024-09-05 | 2026-06-17 |
| CVE-2023-40271 | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authenti | [email protected] | 7.5 | 0.32% | 2023-09-07 | 2026-06-17 |
| CVE-2021-43619 | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | [email protected] | 7.8 | 0.41% | 2022-03-01 | 2026-06-17 |
| CVE-2021-40327 | Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. | [email protected] | 5.9 | 1.19% | 2022-01-13 | 2026-06-17 |
| CVE-2021-27562 KEV | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | [email protected] | 5.5 | 3.09% | 2021-05-25 | 2026-06-16 |
| CVE-2021-32032 | In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | [email protected] | 7.5 | 1.77% | 2021-05-21 | 2026-06-16 |