Linaro

Op-tee

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.7

CVE-2023-41325

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.09.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:21:04

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a d...

6.4

CVE-2022-47549

Exploit
  • EPSS 0.01%
  • Veröffentlicht 19.12.2022 09:15:09
  • Zuletzt bearbeitet 17.04.2025 14:15:24

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications...

7.1

CVE-2021-36133

  • EPSS 0.04%
  • Veröffentlicht 07.12.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:11

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involve...

7.8

CVE-2021-44149

  • EPSS 0.07%
  • Veröffentlicht 07.12.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:30:26

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure Wo...

9.1

CVE-2019-25052

  • EPSS 0.2%
  • Veröffentlicht 11.08.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 04:39:50

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

6.8

CVE-2020-13799

  • EPSS 0.06%
  • Veröffentlicht 18.11.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:53

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specifi...

9.8

CVE-2019-1010292

  • EPSS 0.43%
  • Veröffentlicht 16.07.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:07

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

9.8

CVE-2019-1010293

  • EPSS 0.43%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:07

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

7.5

CVE-2019-1010294

  • EPSS 0.32%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:07

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.

9.8

CVE-2019-1010295

  • EPSS 0.46%
  • Veröffentlicht 15.07.2019 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:07

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.