CVE-2021-36133 - OpenCVE

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Nxp	I.mx 7ds I.mx 6 I.mx 6solox I.mx 6ull I.mx 6ulz I.mx6sx
Linaro	Op-tee

Configuration 1 [-]

AND

cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:i.mx_6:-:::::::*
	cpe:2.3:h:nxp:i.mx_6solox:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ull:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ulz:-:::::::*
	cpe:2.3:h:nxp:i.mx_7ds:-:::::::*
	cpe:2.3:h:nxp:i.mx6sx:-:::::::*

References

Link	Resource
https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-07T20:42:31

Updated: 2021-12-07T20:42:31

Reserved: 2021-07-02T00:00:00

Link: CVE-2021-36133

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-07T21:15:08.257

Modified: 2021-12-09T19:53:15.437

Link: CVE-2021-36133

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T20:42:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt", "refsource": "MISC", "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36133", "datePublished": "2021-12-07T20:42:31", "dateReserved": "2021-07-02T00:00:00", "dateUpdated": "2021-12-07T20:42:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linaro:op-tee:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F8D35B9-CF81-4539-A691-DF6ABA515B92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*", "matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*", "matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_7ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "03B83613-161E-4AF4-B828-17821B868138", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx6sx:-:*:*:*:*:*:*:*", "matchCriteriaId": "62F22874-A623-4705-B8B7-A0C7E1BDA705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}, {"lang": "es", "value": "El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuraci\u00f3n de acceso de seguridad para varios modelos, resultando en una omisi\u00f3n de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arbitrarias de lectura/escritura de memoria en la memoria del Mundo Seguro. Esto implica un perif\u00e9rico con capacidad DMA"}], "id": "CVE-2021-36133", "lastModified": "2021-12-09T19:53:15.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-07T21:15:08.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}