CVE-2021-36133 - OpenCVE

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linaro	Op-tee
Nxp	I.mx6sx I.mx 6 I.mx 6solox I.mx 6ull I.mx 6ulz I.mx 7ds

Configuration 1 [-]

AND

cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:i.mx_6:-:::::::*
	cpe:2.3:h:nxp:i.mx_6solox:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ull:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ulz:-:::::::*
	cpe:2.3:h:nxp:i.mx_7ds:-:::::::*
	cpe:2.3:h:nxp:i.mx6sx:-:::::::*

No data.

References

Link	Providers
https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-07T20:42:31

Updated: 2024-08-04T00:47:43.842Z

Reserved: 2021-07-02T00:00:00

Link: CVE-2021-36133

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-07T21:15:08.257

Modified: 2021-12-09T19:53:15.437

Link: CVE-2021-36133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T20:42:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt", "refsource": "MISC", "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:47:43.842Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36133", "datePublished": "2021-12-07T20:42:31", "dateReserved": "2021-07-02T00:00:00", "dateUpdated": "2024-08-04T00:47:43.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F8D35B9-CF81-4539-A691-DF6ABA515B92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*", "matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*", "matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_7ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "03B83613-161E-4AF4-B828-17821B868138", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx6sx:-:*:*:*:*:*:*:*", "matchCriteriaId": "62F22874-A623-4705-B8B7-A0C7E1BDA705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}, {"lang": "es", "value": "El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuraci\u00f3n de acceso de seguridad para varios modelos, resultando en una omisi\u00f3n de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arbitrarias de lectura/escritura de memoria en la memoria del Mundo Seguro. Esto implica un perif\u00e9rico con capacidad DMA"}], "id": "CVE-2021-36133", "lastModified": "2021-12-09T19:53:15.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-07T21:15:08.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}