f-secure-foundry/advisories

f-secure-foundry/advisories

Releases0

Stars24

(Inverse Path | F-Secure) Hardware Security Team - Security Advisories

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-36133 ↗	Dec 7, 2021Tuesday, 7 December 2021, 21:15	7.1 HIGH	3.6 LOW
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2021-44149 ↗	Dec 7, 2021Tuesday, 7 December 2021, 21:15	7.8 HIGH	4.6 MEDIUM
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
CVE-2019-5478 ↗	Sep 3, 2019Tuesday, 3 September 2019, 20:15	5.5 MEDIUM	2.1 LOW
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.