CVE-2026-45329— ESP-IDF 输入验证错误漏洞

ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked. Because the underlying TEE-protected hardware peripherals (e.g., ECC, SHA, SPI) run in RISC-V machine mode (M-mode) with full address-space access, a caller could supply pointers into TEE-exclusive memory as inputs, causing the peripheral to read TEE memory and return results derived from it to the REE. Depending on the wrapper, the result contains raw bytes from TEE memory, a computed function of TEE memory recoverable through repeated calls, or a single bit per call that forms an oracle for incremental disclosure of TEE-resident sensitive data. This issue has been patched in versions 5.5.5 and 6.0.1.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

输入验证不恰当

ESP-IDF 输入验证错误漏洞

ESP-IDF是Espressif开源的一个 Windows、Linux 和 macOS 上支持的 Espressif SoC 的开发框架。 ESP-IDF 5.5.4版本和6.0版本存在输入验证错误漏洞，该漏洞源于ESP-TEE安全服务包装器中仅验证部分调用者提供的指针参数，未检查输入指针参数，可能导致调用者提供指向TEE独占内存的指针，使外设读取TEE内存并将结果返回给REE。

N/A

N/A