CVE-2025-53022 (CNNVD-202507-3814)
中文标题:
TrustedFirmware-M 安全漏洞
英文标题:
TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 ...
漏洞描述
中文描述:
TrustedFirmware-M是英国TrustedFirmware开源的一款微控制器的固件系统。 TrustedFirmware-M 2.1.3之前版本和2.2.1之前版本存在安全漏洞,该漏洞源于固件升级期间长度验证不足,可能导致缓冲区溢出。
英文描述:
TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value (TLV) structure for dependent components against the maximum allowed size. If the length specified in the TLV exceeds the size of the buffer allocated on the stack, the FWU module will overwrite the buffer (and potentially other stack data) with the TLV's value content. An attacker could exploit this by crafting a malicious TLV entry in the unprotected section of the MCUBoot upgrade image. By setting the length field to exceed the expected structure size, the attacker can manipulate the stack memory of the system during the upgrade process.
CWE类型:
标签:
受影响产品
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-53022 |
2025-11-11 15:23:27 | 2025-11-11 07:40:40 |
| NVD | nvd_CVE-2025-53022 |
2025-11-11 15:00:58 | 2025-11-11 07:48:28 |
| CNNVD | cnnvd_CNNVD-202507-3814 |
2025-11-11 15:12:52 | 2025-11-11 08:00:03 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202507-3814
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']