Your submission was sent successfully! Close

CVE-2021-40327

Published: 13 January 2022

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key (held by the Crypto service) based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner.

Priority

High

CVSS 3 base score: 5.9

Status

Package Release Status
arm-trusted-firmware
Launchpad, Ubuntu, Debian
focal Needs triage

hirsute Ignored
(reached end-of-life)
impish Ignored
(reached end-of-life)
jammy Needs triage

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)