CVE-2019-25052

2021-08-1114:59:12

mitre

www.cve.org

linaro

op-tee

vulnerability

cryptographic functions

sensitive information

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

59.9%

JSON

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

References

github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6

github.com/OP-TEE/optee_os/security/advisories/GHSA-pgwr-qmgh-vhmf