CVE-2021-44149
First published: Tue Dec 07 2021(Updated: )
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linaro OP-TEE | <=3.15.0 | |
| Nxp I.mx 6ultralite |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID for this issue is CVE-2021-44149.
What is the affected software?
The affected software is Linaro OP-TEE version up to and including 3.15.0.
What is the severity of CVE-2021-44149?
The severity of CVE-2021-44149 is high with a CVSS score of 7.8.
How does the vulnerability in OP-TEE Trusted OS manifest?
The vulnerability in OP-TEE Trusted OS allows TrustZone bypass due to the lack of security access configuration for wakeup-related registers in NXP i.MX6UL SoC devices.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to upgrade to a version of Trusted Firmware OP-TEE Trusted OS that is higher than 3.15.0.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/linaro
- canonical/linaro op-tee
- version/linaro op-tee/3.15.0
- vendor/nxp
- canonical/nxp i.mx 6ultralite