Discover the impact of CVE-2021-44149, a TrustZone bypass vulnerability in Trusted Firmware OP-TEE Trusted OS up to version 3.15.0. Learn about the mitigation steps and affected systems.
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
Understanding CVE-2021-44149
This CVE record highlights a vulnerability in Trusted Firmware OP-TEE Trusted OS that allows TrustZone bypass on NXP i.MX6UL SoC devices.
What is CVE-2021-44149?
The vulnerability stems from missing security access configuration for wakeup-related registers in the OPTEE-OS CSU driver, which lets the NonSecure World access Secure World memory.
The Impact of CVE-2021-44149
The issue permits the NonSecure World to perform arbitrary read/write operations on Secure World memory, compromising system integrity and security.
Technical Details of CVE-2021-44149
This section delves into the technical specifics of the vulnerability.
Vulnerability Description
The vulnerability arises from the absence of security access configuration for wakeup-related registers in the OPTEE-OS CSU driver for NXP i.MX6UL SoC devices.
Affected Systems and Versions
Trusted Firmware OP-TEE Trusted OS through 3.15.0 is affected on NXP i.MX6UL SoC devices.
Exploitation Mechanism
Because the wakeup-related registers lack security access configuration, the NonSecure World can perform arbitrary read/write operations on Secure World memory, resulting in a TrustZone bypass.
Mitigation and Prevention
To address the CVE-2021-44149 vulnerability, follow these mitigation strategies.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates