6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, shdr_verify_signature
can make a double free. shdr_verify_signature
used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (sw_crypto_acipher_alloc_rsa_public_key
) will try to allocate a memory (which is opteeβs heap memory). RSA key is consist of exponent and modulus (represent as variable e
, n
) and it allocation is not atomic way, so it may succeed in e
but fail in n
. In this case sw_crypto_acipher_alloc_rsa_public_keywill free on
eand return as it is failed but variable βeβ is remained as already freed memory address .
shdr_verify_signaturewill free again that memory (which is
e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.
Vendor | Product | Version | CPE |
---|---|---|---|
op\-tee | op\-tee_os | * | cpe:2.3:o:op\-tee:op\-tee_os:*:*:*:*:*:*:*:* |
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:M/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%