A high-severity memory corruption vulnerability in the TIGERF trustlet allows a local attacker to access protected data, compromising system confidentiality.

The vulnerability is an "Access of Memory Location After End of Buffer" (out-of-bounds read) flaw within the TIGERF trustlet. A local, authenticated attacker can exploit this to read from memory locations that should be inaccessible, potentially exposing sensitive information like keys, passwords, or personal data stored in protected memory.

Exploitation of this vulnerability breaks the isolation guarantees of the trusted execution environment, leading to a breach of data confidentiality. An attacker could extract cryptographic materials or other secrets, enabling further system compromise or unauthorized data access. The CVSS score of 7.9 (High) reflects the serious impact of leaking data from a supposedly secure environment.

Immediate Action: Apply the SMR Apr-2023 Release 1 update or a newer version from the vendor to remediate this memory access vulnerability.

Proactive Monitoring: While direct monitoring of trustlet memory access is difficult, system logs should be monitored for any related process crashes or security alerts that could indicate exploitation attempts.

Compensating Controls: Enforce strict controls over who can execute code on the device. Use application whitelisting to prevent malicious software that could exploit this flaw from running.

Public Exploit Available: false

This vulnerability undermines a core security component of the affected system and must be addressed urgently. Organizations must apply the vendor's security patch immediately to protect sensitive data stored in memory and maintain the integrity of the trusted execution environment.