CVE-2021-27562

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers. Vendor/Product: Arm Trusted Firmware. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.