- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX Security
- :
- Knowledge Base
- :
- Arm Trusted Firmware (ATF) Vulnerability
Arm Trusted Firmware (ATF) Vulnerability
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Arm Trusted Firmware (ATF) Vulnerability
Arm Trusted Firmware (ATF) Vulnerability
Overview
A privilege escalation software vulnerability had been discovered in the Arm Trusted Firmware (imx-atf) component of the NXP BSP.
Description
A privileged local attacker could set or clear the low bit of an arbitrary byte memory in the Trusted Execution Environment (TEE)/TrustZone OS, defeating the isolation of secure memory from the Rich Execution Environment (REE).
Exploitation requires the attacker to execute arbitrary code in REE kernel context or u-boot (Non-secure EL1) to issue Secure Monitor Calls (SMCs).
The domain id is not bounded in the function "imx_gpc_pm_domain_enable", leading to this potential overflow and privilege escalation.
Impact
- NXP BSP versions prior to L5.10.52-2.1.0-rc1
- i.MX 8 processors using ATF
Mitigation
This vulnerability has been addressed from NXP BSP versions L5.10.52-2.1.0-rc1 release and beyond.
For customers using previous NXP BSP releases, the following commit will need to be backported/applied:
----
commit 32e8f05e5df514ff4c948508d9542cfe2729cb55
Author: Jacky Bai <ping.bai@nxp.com>
Date: Tue Jul 13 16:06:29 2021 +0800
LF-4198 plat: imx8m: Fix the potential array overflow
Check the domain_id to make sure the index passed by the Rich-OS does not exceed the range of the domain arrays.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
-----
A patch that addresses this potential security vulnerability has also been attached to this thread.
