漏洞标题
N/A
漏洞描述信息
在Trusted Firmware-M中,通过TF-Mv1.8.0,对于整合CryptoCell加速器的平台,当选择CryptoCell PSA驱动程序软件接口时,使用 authenticated 加密与相关数据Chacha20-Poly1305算法,并将单部分验证函数(在构建时配置阶段定义)用专用函数实现(即不依赖多部分函数的使用),在验证元数据标签时,缓冲区比较不是在全部16字节上发生,而是在前4字节上,因此可能导致未验证的payload可能会被识别为真实。这会影响TF-Mv1.6.0、TF-Mv1.6.1、TF-Mv1.7.0和TF-Mv1.8。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
漏洞类别
内存缓冲区边界内操作的限制不恰当
漏洞标题
N/A
漏洞描述信息
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Linaro Trusted Firmware-M 安全漏洞
漏洞描述信息
Linaro Trusted Firmware-M(Tf-M)是英国Linaro公司的一个平台安全架构 (Psa) 物联网安全框架的参考实现。 Trusted Firmware-M TF-Mv1.8.0及之前版本存在安全漏洞,该漏洞源于验证身份标记期间的缓冲区存在安全漏洞,导致未经身份验证的有效载荷被标识为真实载荷。
CVSS信息
N/A
漏洞类别
其他