Lucene search
K

107 matches found

OSV
OSV
added 2025/07/25 12:47 p.m.3 views

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix inatomic handling in dosecurestorageaccess Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be seen:...

5.5CVSS5.9AI score0.00104EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/25 12:47 p.m.8 views

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix inatomic handling in dosecurestorageaccess Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be seen:...

0.00104EPSS
Exploits0References2
CVE
CVE
added 2025/07/25 12:47 p.m.47 views

CVE-2025-38359

CVE-2025-38359 affects the Linux kernel on s390/x architectures. The issue is a fix in in_atomic() handling in do_secure_storage_access() where kernel user-space accesses to not-exported pages in atomic context can trigger a page fault handling path. The described impact involves a potential slee...

5.5CVSS6AI score0.00104EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2025/07/25 12:47 p.m.6 views

CVE-2025-38359

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Fix inatomic handling in dosecurestorageaccess Kernel user spaces accesses to not exported pages in atomic context incorrectly try to resolve the page fault. With debug options enabled call traces like this can be seen:...

5.5CVSS5.1AI score0.00104EPSS
Exploits0
NVD
NVD
added 2025/07/07 5:15 a.m.5 views

CVE-2025-24508

Extraction of Account Connectivity Credentials ACCs from the IT Management Agent secure storage...

6.4CVSS0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/07 4:54 a.m.4 views

CVE-2025-24508 Offline Extraction of Account Connectivity Credentials (ACCs) in IT Management Suite

Extraction of Account Connectivity Credentials ACCs from the IT Management Agent secure storage...

6.4CVSS6.5AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 2:14 p.m.7 views

CVE-2025-46733

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS6.5AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 2:15 p.m.3 views

DEBIAN-CVE-2025-46733

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS5.7AI score0.0014EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 2:15 p.m.3 views

UBUNTU-CVE-2025-46733

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS5.9AI score0.0014EPSS
Exploits0References3
CVE
CVE
added 2025/07/04 1:13 p.m.36 views

CVE-2025-46733

OP-TEE 4.5.0 is vulnerable to a local, REE userland attack where a malicious tee-supplicant can craft Secure Storage API responses to cause panics in TAs using libutee. The flaw arises because return codes from secure storage operations are unsafely passed from the REE tee-supplicant, through the...

7.9CVSS6.5AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/04 1:13 p.m.13 views

CVE-2025-46733 REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS0.0014EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/07/04 1:13 p.m.5 views

CVE-2025-46733

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS5.7AI score0.0014EPSS
Exploits0
OSV
OSV
added 2025/07/04 1:13 p.m.9 views

CVE-2025-46733 REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

7.9CVSS6.4AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

OP-TEE Trusted OS 安全漏洞

OP-TEE Trusted OS is an OP-TEE open source Trusted Execution Environment TEE that implements Arm TrustZone technology. A security vulnerability exists in OP-TEE Trusted OS version 4.5.0, which stems from an unvalidated Secure Storage API return code that could cause the TA to crash...

7.9CVSS6.8AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.5 views

PT-2025-27951

Name of the Vulnerable Software and Affected Versions: OP-TEE version 4.5.0 Description: OP-TEE is a Trusted Execution Environment TEE designed as a companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. An attacker can trigger a panic in a TA that...

7.9CVSS5.9AI score0.0014EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 a.m.9 views

CVE-2019-0307

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...

2.7CVSS6.5AI score0.02089EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2025/03/17 9:27 p.m.19 views

buildx allows a possible credential leakage to telemetry endpoint

Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...

4.1CVSS7AI score0.0018EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2025/02/17 12:0 a.m.2 views

Samsung Blockchain Keystore Out-of-Bounds Write Vulnerability

Samsung Blockchain Keystore is a secure storage solution introduced by South Korea's Samsung SAMSUNG on its mobile devices to protect users' blockchain keys and digital assets. Samsung Blockchain Keystore suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to...

6.3CVSS6.5AI score0.00143EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2024/03/26 11:8 a.m.11 views

On Secure Voting Systems

Andrew Appel shepherded a public comment--signed by twenty election cybersecurity experts, including myself--on best practices for ballot marking devices and vote tabulation. It was written for the Pennsylvania legislature, but its general in nature. From the executive summary: We believe that no...

7.4AI score
Exploits0
NVD
NVD
added 2024/02/23 7:15 a.m.26 views

CVE-2023-37540

Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data...

3.9CVSS4.2AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder