First published: Tue Dec 07 2021(Updated: )
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linaro OP-TEE | <=3.15.0 | |
Nxp I.mx 6ultralite | ||
All of | ||
Linaro OP-TEE | <=3.15.0 | |
Nxp I.mx 6ultralite |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-44149.
The affected software is Linaro OP-TEE version up to and including 3.15.0.
The severity of CVE-2021-44149 is high with a CVSS score of 7.8.
The vulnerability in OP-TEE Trusted OS allows TrustZone bypass due to the lack of security access configuration for wakeup-related registers in NXP i.MX6UL SoC devices.
To fix this vulnerability, it is recommended to upgrade to a version of Trusted Firmware OP-TEE Trusted OS that is higher than 3.15.0.