CyberSec.Space Logo
Back to CVE Browser

CVE-2021-27562

Known Exploited (CISA KEV)MEDIUM
5.5
CVSS Severity Score
EPSS Score68.1870%
EPSS Percentile96.24th
PublishedMay 25, 2021
Last ModifiedJun 5, 2026

Vulnerability Description

In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.

Affected Platforms (CPE)

πŸ’»
Trustedfirmware

Trusted Firmware M

<= 1.2.0

References & Advisories

πŸ”— https://developer.arm.com/support/arm-security-updates
πŸ”— https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
πŸ”— https://developer.arm.com/support/arm-security-updates
πŸ”— https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27562

Related Vulnerabilities

CVE-2016-56699.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificat...

CVE-2021-206958.8

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote...

CVE-2017-75638.1

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEV...

CVE-2017-57077.8

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system ...