Heap overflow

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...

CVE-2019-20607

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...

CVE-2019-20607

The CVE-2019-20607 issue affects Samsung mobile devices on N(7.x), O(8.x) and P(9.0) platforms (MSM8996/8998, Exynos7420/7870/8890/8895). A heap overflow in the keymaster Trustlet allows writing to TEE memory and leads to arbitrary code execution. No exploitation details or explicit patch/version...

Google Android elevation of privilege vulnerability (CNVD-2019-34130)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in Keymaster in Google Android 10. The vulnerability stems from the presence of post-release reuse. A local attacker...

CVE-2019-9350

In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815...

CVE-2019-9350

In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815...

Design/Logic Flaw

In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815...

CVE-2019-9350

In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129562815...

CVE-2019-9350

CVE-2019-9350 corresponds to an Elevation of Privilege in Android 10 Keymaster, caused by a use-after-free in a component handling crypto operations. This vulnerability could allow a local attacker to escalate privileges without additional execution privileges or user interaction, as described ac...

CVE-2019-1998

In eventhandler of keymasterapp.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

Input validation

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810...

CVE-2018-5869

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810...

CVE-2018-5869

CVE-2018-5869 concerns improper input validation in the QTEE keymaster app, leading to invalid memory access on Qualcomm Snapdragon mobile/wear platforms. Affected are devices using several Snapdragon families (e.g., MDM9206, MDM9607, MSM8909W, SD 210/212/205, SD 410/12, SD 615/16/SD 415, SD 800,...

CVE-2018-5869

Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810...

NVIDIA SHIELD TV TrustZone Software Denial of Service Vulnerability

The NVIDIA SHIELD TV is a gaming console device from NVIDIA, U.S.A. TrustZone Software is one of the system-wide security software.... A security vulnerability exists in the Keymaster implementation of TrustZone Software in NVIDIA SHIELD TV SE 6.2 and earlier. An attacker could exploit this...

Information disclosure

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high...

CVE-2017-6295

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high...

CVE-2017-6295

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high...

CVE-2017-6295

Affected software/hardware: NVIDIA TrustZone Software (Keymaster) in NVIDIA SHIELD TV SE 6.2 and earlier. Vulnerability: reads data past the end or before the beginning of the intended buffer, potentially leading to denial of service or information disclosure. Impact/Severity: rated high (CVE-201...

CVE-2017-6295

NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high...