CVE-2021-36133 - Vulnerability Details - OpenCVE

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0026.

Key SSVC decision points have not yet been added.

Vendors	Products
Nxp	I.mx6sx I.mx 6 I.mx 6solox I.mx 6ull I.mx 6ulz I.mx 7ds
Trustedfirmware	Op-tee

Configuration 1 [-]

AND

cpe:2.3:o:trustedfirmware:op-tee:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:nxp:i.mx_6:-:::::::*
	cpe:2.3:h:nxp:i.mx_6solox:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ull:-:::::::*
	cpe:2.3:h:nxp:i.mx_6ulz:-:::::::*
	cpe:2.3:h:nxp:i.mx_7ds:-:::::::*
	cpe:2.3:h:nxp:i.mx6sx:-:::::::*

No data.

No data.

References

Link	Providers
https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt

History

Fri, 05 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trustedfirmware Trustedfirmware op-tee
CPEs	cpe:2.3:o:linaro:op-tee:-:::::::*	cpe:2.3:o:trustedfirmware:op-tee:-:::::::*
Vendors & Products	Linaro Linaro op-tee	Trustedfirmware Trustedfirmware op-tee

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-07T20:42:31.000Z

Updated: 2024-08-04T00:47:43.842Z

Reserved: 2021-07-02T00:00:00.000Z

Link: CVE-2021-36133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-12-07T21:15:08.257

Modified: 2026-06-17T03:58:24.097

Link: CVE-2021-36133

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-07T20:42:31.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt", "refsource": "MISC", "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:47:43.842Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36133", "datePublished": "2021-12-07T20:42:31.000Z", "dateReserved": "2021-07-02T00:00:00.000Z", "dateUpdated": "2024-08-04T00:47:43.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "source": "cve@mitre.org"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trustedfirmware:op-tee:-:*:*:*:*:*:*:*", "matchCriteriaId": "3109B858-A41D-4FF4-9BE8-AA27EE22CB19", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:nxp:i.mx_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B3D9F06-FBAB-4271-81AF-D135995BC7CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*", "matchCriteriaId": "71631A11-FB49-4335-BB1B-47EB9061F47B", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2CD0D2A-C1A5-4771-ADAB-70375BF06670", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_6ulz:-:*:*:*:*:*:*:*", "matchCriteriaId": "38EB61DF-AE1E-4073-89F3-86194D2B8C82", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx_7ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "03B83613-161E-4AF4-B828-17821B868138", "vulnerable": false}, {"criteria": "cpe:2.3:h:nxp:i.mx6sx:-:*:*:*:*:*:*:*", "matchCriteriaId": "62F22874-A623-4705-B8B7-A0C7E1BDA705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral."}, {"lang": "es", "value": "El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuraci\u00f3n de acceso de seguridad para varios modelos, resultando en una omisi\u00f3n de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arbitrarias de lectura/escritura de memoria en la memoria del Mundo Seguro. Esto implica un perif\u00e9rico con capacidad DMA"}], "id": "CVE-2021-36133", "lastModified": "2026-06-17T03:58:24.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-07T21:15:08.257", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}