Vulnerability Description
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linaro | Trusted Firmware-M | <= 1.3.0 |
Related Weaknesses (CWE)
References
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1 (Mailing List, Patch, Third Party Advisory)
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/s (Exploit, Third Party Advisory)
- https://www.trustedfirmware.org (Vendor Advisory)
FAQ
What is CVE-2021-32032?
CVE-2021-32032 is a vulnerability with a CVSS score of 7.5 (HIGH). In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptogra...
How severe is CVE-2021-32032?
CVE-2021-32032 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-32032?
Check the references section above for vendor advisories and patch information. Affected products include: Linaro Trusted Firmware-M.