CVE-2023-40271
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/09/2023
Last modified:
27/11/2024
Description
In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:arm:trusted_firmware-m:1.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arm:trusted_firmware-m:1.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arm:trusted_firmware-m:1.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:arm:trusted_firmware-m:1.8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst
- https://tf-m-user-guide.trustedfirmware.org/releases/index.html
- https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/security/security_advisories/cc3xx_partial_tag_compare_on_chacha20_poly1305.rst
- https://tf-m-user-guide.trustedfirmware.org/releases/index.html