CVE-2023-51712
📋 TL;DR
This vulnerability in Trusted Firmware-M allows attackers to read sensitive data through the logging subsystem due to insufficient argument verification. It affects systems running Trusted Firmware-M up to version 2.0.0. The issue enables information disclosure from secure firmware components.
💻 Affected Systems
- Trusted Firmware-M
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract cryptographic keys, authentication credentials, or other sensitive firmware data, potentially compromising the entire secure execution environment.
Likely Case
Information disclosure of debug data, memory contents, or configuration details that could aid further attacks against the system.
If Mitigated
Limited information leakage if debug logging is disabled or proper access controls prevent exploitation.
🎯 Exploit Status
Exploitation requires access to the logging subsystem interface, which typically requires some level of system access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.0 and later
Vendor Advisory: https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/debug_log_vulnerability.html
Restart Required: Yes
Instructions:
1. Update Trusted Firmware-M to version 2.1.0 or later.
2. Rebuild and reflash the firmware.
3. Verify that the update was successful.
🔧 Temporary Workarounds
Disable Debug Logging
Disable debug logging functionality in the Trusted Firmware-M configuration.
Modify the TF-M build configuration to set TFM_PARTITION_LOG_LEVEL=TFM_LOG_LEVEL_NONE.
🧯 If You Can't Patch
- Disable debug logging functionality completely
- Restrict access to logging interfaces through access controls
🔍 How to Verify
Check if Vulnerable:
Check the TF-M version: if the version is ≤ 2.0.0 and debug logging is enabled, the system is vulnerable.
Check Version:
Check the firmware version through the device management interface, or examine the firmware binaries.
Verify Fix Applied:
Verify TF-M version is ≥ 2.1.0 and check that argument verification is implemented in logging functions.
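What the argument verification referred to above looks like in practice, as an added illustration that is not TF-M's own code: a hypothetical log sink that accepts a caller-supplied pointer and length only when the whole range lies inside the caller's own memory region, so a caller cannot have the secure side read and print memory it does not own. The region type, function names and sample buffers are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample memory: a partition's own buffer and an unrelated
 * secure secret that a logging call must never be allowed to read. */
static unsigned char partition_buf[64] = "hello from partition";
static unsigned char secure_secret[32] = "CONSTRUCTED-SECRET-NOT-FOR-LOG";

/* Hypothetical description of the memory a caller is allowed to pass. */
typedef struct {
    uintptr_t base;
    size_t    size;
} mem_region_t;

/* True only if [ptr, ptr + len) lies entirely inside *r.  Offsets are
 * computed as unsigned differences so an oversized len cannot wrap. */
bool buffer_in_region(const mem_region_t *r, const void *ptr, size_t len)
{
    uintptr_t p = (uintptr_t)ptr;
    if (p < r->base || p - r->base > r->size)
        return false;
    return len <= r->size - (p - r->base);
}

/* Hypothetical log sink: copies the caller's bytes into `out` only after
 * the argument check passes.  Returns bytes written, or -1 if rejected. */
int verified_log_write(const mem_region_t *caller, const void *msg, size_t len,
                       char *out, size_t out_cap)
{
    if (!buffer_in_region(caller, msg, len) || len >= out_cap)
        return -1;
    memcpy(out, msg, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    mem_region_t caller = { (uintptr_t)partition_buf, sizeof partition_buf };
    char out[128];
    /* In-range message is logged; a pointer into unrelated secure memory and
     * a length running past the caller's region are both refused (-1). */
    printf("ok:   %d\n", verified_log_write(&caller, partition_buf, 20, out, sizeof out));
    printf("deny: %d\n", verified_log_write(&caller, secure_secret, 30, out, sizeof out));
    printf("deny: %d\n", verified_log_write(&caller, partition_buf, 65, out, sizeof out));
    return 0;
}
```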
📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to logging functions
- Excessive debug log output containing sensitive data
Network Indicators:
- Not applicable (local firmware vulnerability)
SIEM Query:
Not applicable for typical SIEM systems - requires firmware monitoring