CVE-2023-40271EPSS p23.9%

CVE-2023-40271CVE-2023-40271

trustedfirmware / trusted_firmware-m

Description

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS0.32% probability of exploitation · percentile 23.9% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2021-40327
CVE
CVE-2021-32032
CVE
CVE-2026-5479
CVE
CVE-2021-43619
CVE
CVE-2023-51712
CVE
CVE-2026-46033
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.