CVE-2021-27562
Published: 25 May 2021
Summary
CVE-2021-27562 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Trustedfirmware Trusted Firmware-M. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 6.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-3 (Security Function Isolation).
Deeper analysis
Arm Trusted Firmware M through version 1.2 contains an out-of-bounds write vulnerability (CWE-787) that manifests when non-secure world code invokes secure functions while executing in NSPE handler mode. The flaw allows the non-secure caller to trigger a system halt, corrupt secure memory regions, or cause secure data to be printed to non-secure outputs.
A local attacker with low privileges in the non-secure world can exploit the issue by crafting calls to secure services under handler mode, resulting in denial of service or leakage and modification of protected assets. The CVSS 5.5 vector reflects local access, low attack complexity, and a primary impact on availability with secondary risks to confidentiality and integrity.
Arm security advisories and the TF-M project advisory on svc_caller_sp_fetching_vulnerability describe the defect and direct users to patched firmware releases. The vulnerability is also catalogued in CISA's Known Exploited Vulnerabilities list, indicating confirmed in-the-wild exploitation against affected devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-14313
Vulnerability details
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces that only authorized callers and processor modes may invoke secure-world functions, blocking the NSPE handler-mode calls that trigger the OOB write.
Requires isolation of security functions from non-security code, preventing the non-secure world from corrupting or leaking secure memory via malformed secure calls.
Restricts the privileges granted to non-secure code so it cannot execute in handler mode when invoking secure services, limiting the attack surface described in the CVE.