514 matches found
Memory corruption
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
CVE-2023-33046 Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
CVE-2023-33046 Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment
Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation...
CVE-2023-33046
CVE-2023-33046 is tied to a TOCTOU (time-of-check/time-of-use) race condition in the Qualcomm Trusted Execution Environment that can cause memory corruption when deinitializing an object used for license validation. The Vulners enrichment entry explicitly describes it as a TOCTOU issue in the TE,...
PT-2024-12383 · Qualcomm · Snapdragon +45
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in the Trusted Execution Environment, specifically occurring when deinitializing an object used for license...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption in the Trusted Execution Environment when uninitializing an object used for license validation...
CVE-2024-23743
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."...
MediaTek Chip Security Breach
MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of privilege checking in the aee module, which could lead to privilege escalation...
PT-2023-26864 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.0 through 5.5 Description: A stack buffer overflow vulnerability discovered in AsfSecureBootDxe allows attackers to run arbitrary code execution during the DXE phase. Recommendations: For versions 5.0 through 5.5, conside...
CVE-2022-25333
The Texas Instruments OMAP L138 secure variants trusted execution environment TEE performs an RSA check implemented in mask ROM when loading a module through the SKLOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...
CVE-2022-26942
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment TEE modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...
CVE-2022-25334
The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...
Code injection
The Texas Instruments OMAP L138 secure variants trusted execution environment TEE performs an RSA check implemented in mask ROM when loading a module through the SKLOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...
CVE-2022-25334
CVE-2022-25334 relates to the Texas Instruments OMAP L138 (secure variants) TEE. The mask ROM SK_LOAD routine has no bounds check on the signature size, so a module with a large signature can overflow the stack and enable arbitrary code execution in the secure supervisor context by overwriting a ...
PT-2023-12786 · Texas Instruments · Texas Instruments Omap L138
Name of the Vulnerable Software and Affected Versions: Texas Instruments OMAP L138 secure variants affected versions not specified Description: The trusted execution environment TEE of the Texas Instruments OMAP L138 secure variants has a security issue. When loading a module through the SK LOAD...
Texas Instruments OMAP L138 Security Vulnerability
The Texas Instruments OMAP L138 is a DSP+ARM industrial processor from Texas Instruments. A security vulnerability exists in the Texas Instruments OMAP L138 secure variants, which stems from the fact that when a module is loaded via the SKLOAD routine, the Trusted Execution Environment TEE perfor...
PT-2023-12787 · Texas Instruments · Texas Instruments Omap L138
Name of the Vulnerable Software and Affected Versions: Texas Instruments OMAP L138 secure variants affected versions not specified Description: The trusted execution environment TEE lacks a bounds check on the signature size field in the SK LOAD module loading routine, present in mask ROM. A modu...
Motorola MTM5000 Security Vulnerability
The Motorola MTM5000 is a mobile radio from Motorola, USA. A security vulnerability in the Motorola MTM5000, which stems from a lack of pointer validation of parameters passed to the Trusted Execution Environment TEE module, can be exploited by an attacker to obtain secure supervised code executi...
CVE-2023-22382 Improper Input Validation in Automotive
Weak configuration in Automotive while VM is processing a listener request from TEE...
PT-2023-18474 · Unknown · Automotive
Name of the Vulnerable Software and Affected Versions: Automotive affected versions not specified Description: The issue is related to a weak configuration in Automotive while the Virtual Machine VM is processing a listener request from the Trusted Execution Environment TEE. Recommendations: At t...