Lucene search
+L

557 matches found

Debian CVE
Debian CVE
added 2026/06/03 5:53 p.m.9 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS5.8AI score0.00096EPSS
Exploits1
CVE
CVE
added 2026/06/03 5:53 p.m.28 views

CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 4:45 p.m.10 views

CVE-2026-40290 OP-TEE has a Use-After-Free race in FF-A shared-memory teardown

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.8AI score0.00187EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 4:45 p.m.10 views

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.8AI score0.00187EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/03 4:45 p.m.13 views

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.8AI score0.00187EPSS
Exploits1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.10 views

OP-TEE Trusted OS 资源管理错误漏洞

OP-TEE Trusted OS is an implementation of the OP-TEE open-source project, which creates an open-source Trusted Execution Environment TEE that utilizes Arm TrustZone technology. In versions 3.16.0 to 4.11.0 of OP-TEE Trusted OS, there was a resource management vulnerability. This vulnerability...

7.8CVSS5.3AI score0.00187EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46046

Name of the Vulnerable Software and Affected Versions OP-TEE versions 4.3.0 through 4.10.x Description A type confusion occurs in OP-TEE OS when processing an 'FFA MEM SHARE' request from the normal world. This issue specifically affects configurations where OP-TEE is set as a Secure Partition...

5.5CVSS5.8AI score0.00155EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

5.5CVSS5.9AI score0.00155EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-45614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

4.7CVSS5.8AI score0.00096EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in mbedtls

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability exists in the decoding of Base64 PEM files. This vulnerability allows system-level administrator attackers to obtain information about secret RSA keys through a controlled-channel and side-channel attack on software running in...

4.9CVSS5.2AI score0.01358EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/15 2:42 a.m.10 views

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 2:42 a.m.9 views

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCHECKTACOMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 2:41 a.m.17 views

CVE-2025-66664

AMD Secure Processor (ASP) TEE SOC Driver is affected by CVE-2025-66664 due to insufficient parameter sanitization, enabling a local attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command and trigger an out-of-bounds read, potentially exposing SOC Driver memory contents or cau...

4.6CVSS5.8AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 2:41 a.m.28 views

CVE-2026-0428

The CVE-2026-0428 entry concerns insufficient parameter sanitization in the TEE SOC Driver that could let an attacker issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS and write invalid data to a remote Die, potentially causing unexpected behavior. According to the provided data, the im...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.17 views

PT-2026-41256

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV SOC CMD ID SRIOV CHECK TA COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior...

1.8CVSS5.8AI score0.00101EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/05/14 4:7 p.m.12 views

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago...

9.8CVSS7.1AI score0.32074EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2026/05/12 3:34 a.m.15 views

SUSE CVE-2025-71300

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/08 5:57 p.m.14 views

CVE-2025-71300

A flaw was found in the Linux kernel, specifically within the OP-TEE Open Portable Trusted Execution Environment integration with U-Boot. The U-Boot's OP-TEE logic automatically injects a reserved-memory node into the kernel device tree. However, a manually defined OP-TEE node in zynqmp.dtsi...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/08 1:15 p.m.11 views

CVE-2025-71300

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

5.5CVSS5.7AI score0.00138EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/08 3:25 a.m.105 views

CVE-2026-41900 OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment

OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution RCE vulnerability was identified in the OpenLearnX code execution environment, allowing sandbox escape and arbitrary command execution. This issue has been patched in...

8.8CVSS0.0091EPSS
Exploits1References3
Rows per page
Query Builder