High severity7.8NVD Advisory· Published Dec 7, 2021· Updated Jun 5, 2026

CVE-2021-44149

Description

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Arm/Op Tee
cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*
Range: <=3.15.0
Trusted Firmware/OP-TEE Trusted OSdescription
Op Tee/Optee OSllm-fuzzy
Range: <=3.15.0

Patches

Vulnerability mechanics

References

github.com/OP-TEE/optee_os/tagsnvdRelease NotesThird Party Advisory
github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txtnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000