CVE-2021-27562CISA KEVEPSS p86.0%

CVE-2021-27562Arm Trusted Firmware Out-of-Bounds Write Vulnerability

Arm / Trusted Firmware

Description

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

Scoring

CVSS 5.5 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS3.09% probability of exploitation · percentile 86.0% · 2026-06-18T12:00:27Z
Last modified2026-06-05

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryArm Trusted Firmware Out-of-Bounds Write Vulnerabilitykev-cve-2021-275620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
CVE
CVE-2017-7564
CVE
CVE-2022-47630
CVE
CVE-2022-47549
CVE
CVE-2018-19440
CVE
CVE-2021-43619
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.