ID
VAR-202203-0923
CVE
CVE-2021-43619
TITLE
ARM Trusted Firmware M Security hole
Trust: 0.6
sources:
CNNVD: CNNVD-202203-001
DESCRIPTION
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations
Trust: 0.99
sources:
NVD: CVE-2021-43619 //
VULHUB: VHN-406252
AFFECTED PRODUCTS
| vendor: | arm | model: | trusted -m | scope: | eq | version: | 1.4.0 | Trust: 1.0 |
| vendor: | arm | model: | trusted -m | scope: | eq | version: | 1.4.1 | Trust: 1.0 |
sources:
NVD: CVE-2021-43619
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-406252 //
CNNVD: CNNVD-202203-001 //
NVD: CVE-2021-43619
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.1 |
sources:
VULHUB: VHN-406252 //
NVD: CVE-2021-43619
THREAT TYPE
local
Trust: 0.6
sources:
CNNVD: CNNVD-202203-001
TYPE
other
Trust: 0.6
sources:
CNNVD: CNNVD-202203-001
PATCH
| title: | ARM Trusted Firmware M Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185344 | Trust: 0.6 |
sources:
CNNVD: CNNVD-202203-001
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-43619 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-202203-001 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-406252 | Trust: 0.1 |
sources:
VULHUB: VHN-406252 //
CNNVD: CNNVD-202203-001 //
NVD: CVE-2021-43619
REFERENCES
| url: | https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/fwu_write_vulnerability.html | Trust: 1.7 |
| url: | https://developer.arm.com/support/arm-security-updates | Trust: 1.7 |
| url: | https://git.trustedfirmware.org/tf-m/trusted-firmware-m.git/ | Trust: 1.7 |
| url: | https://www.trustedfirmware.org | Trust: 1.7 |
| url: | https://cxsecurity.com/cveshow/cve-2021-43619/ | Trust: 0.6 |
sources:
VULHUB: VHN-406252 //
CNNVD: CNNVD-202203-001 //
NVD: CVE-2021-43619
SOURCES
| db: | VULHUB | id: | VHN-406252 |
| db: | CNNVD | id: | CNNVD-202203-001 |
| db: | NVD | id: | CVE-2021-43619 |
LAST UPDATE DATE
2024-11-28T22:45:55.510000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-406252 | date: | 2022-03-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-202203-001 | date: | 2022-03-10T00:00:00 |
| db: | NVD | id: | CVE-2021-43619 | date: | 2024-11-27T20:03:20.203 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-406252 | date: | 2022-03-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-202203-001 | date: | 2022-03-01T00:00:00 |
| db: | NVD | id: | CVE-2021-43619 | date: | 2022-03-01T05:15:07.803 |