CVE-2026-45702 OP-TEE has FF-A type confusion in SPMC tmem path that causes S-EL1 kernel panic

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

CVE-2026-45702

OP-TEE OS contains a type confusion in the SPMC tmem path when processing an FFA_MEM_SHARE request, affecting 4.3.0 through prior to 4.11.0 for systems configured with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. This can impact availability (kernel/OP-TEE stability) with no reported confiden...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021593 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICCSGIEL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest...

EUVD-2017-16568

Malware in sbrugna...

EUVD-2021-12312

Malware in sbrugna...

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

CVE-2021-46980

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 commit 4dbc6a4ef06d "usb: typec: ucsi: save power data objects in PD mode" introduced retrieval of the PDOs when connected to a PD-capable source. But only the...

ALPINE-CVE-2023-34320

Cortex-A77 cores r0p0 and r1p0 are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register PAREL1 in close...

Design/Logic Flaw

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...

CVE-2021-25416

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area...

CVE-2021-25415

CVE-2021-25415 concerns Samsung Mobile’s RKP (kernel protection) before SMR JUN-2021 Release 1. The vulnerability stems from improper address validation, enabling a local attacker to remap EL2 memory as writable if EL1 is compromised. Documents identify the affected component as Samsung RKP and d...

CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving rawresources. The LG ID is LVE-SMP-200006 May 2020...

CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving rawresources. The LG ID is LVE-SMP-200006 May 2020...

CVE-2018-18068

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 the highest privilege level in ARMv8 memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug...

CVE-2017-7563

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MTEXECUTENEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits one bit versus two bits...

CVE-2017-7563

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MTEXECUTENEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits one bit versus two bits...

Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel running in EL1 remains protected from exploit...

Google Android - RKP EL1 Code Loading Bypass

Google Android - RKP EL1 Code Loading Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=981 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel...

Google Android - cfp_ropp_new_key_reenc and cfp_ropp_new_key RKP Memory Corruption Exploit

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS...

Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=980 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure...