This page lists publicly disclosed CVE vulnerabilities affecting Trusted Firmware-M (NVD CPE vendor trustedfirmware, product trusted_firmware-m). Each row includes severity scores, a summary, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-51712 | An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | [email protected] | 4.7 | 0.15% | 2024-09-05 | 2026-06-05 |
| CVE-2023-40271 | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authenti | [email protected] | 7.5 | 0.15% | 2023-09-08 | 2026-06-05 |
| CVE-2021-43619 | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations. | [email protected] | 7.8 | 0.11% | 2022-03-01 | 2026-06-05 |
| CVE-2021-40327 | Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner. | [email protected] | 5.9 | 0.33% | 2022-01-13 | 2026-06-05 |
| CVE-2021-27562 KEV | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | [email protected] | 5.5 | 10.87% | 2021-05-25 | 2026-06-05 |
| CVE-2021-32032 | In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | [email protected] | 7.5 | 0.56% | 2021-05-21 | 2026-06-08 |