Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and are often manufactured on the surface of semiconductor wafers. A security vulnerability exists in the Qualcomm chip that stems from a buff...

The vulnerability of Containerd’s execution environment, related to the lack of restrictions on the amount of bytes read for certain files during OCI image import, allows a malicious actor to cause service failures.

The vulnerability of Containerd’s execution environment is related to the lack of restrictions on the amount of bytes that can be read for certain files during OCI image import. Exploiting this vulnerability could allow a attacker to cause service failures...

RCE using bad deserialization

Description Qwik provides an extended serialization mechanism for exchanging data between the client and server. This allows for the serialization and deserialization of Date, Regex, Signal, Function and many other useful data types. The Function deserializer can be accessed using the...

CVE-2022-33221

Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests...

CVE-2022-33221

CVE-2022-33221 describes an information disclosure via a buffer over-read in the Trusted Execution Environment when processing metadata verification requests. Multiple connected sources attribute the issue to Qualcomm closed-source components/T EE; impact is confidentiality loss with potential lo...

CVE-2022-33221 Buffer over-read in Trusted Execution Environment

Information disclosure in Trusted Execution Environment due to buffer over-read while processing metadata verification requests...

PT-2023-13243 · Unknown · Trusted Execution Environment

Name of the Vulnerable Software and Affected Versions: Trusted Execution Environment affected versions not specified Description: The issue is related to information disclosure in the Trusted Execution Environment. It occurs due to a buffer over-read when processing metadata verification requests...

CVE-2021-46795

A TOCTOU time-of-check to time-of-use vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service...

Design/Logic Flaw

An unprotected memory-access operation in opteeos in TrustedFirmware Open Portable Trusted Execution Environment OP-TEE before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections...

CVE-2022-47549

The vulnerability CVE-2022-47549 affects OP-TEE within TrustedFirmware (OP-TEE) prior to version 3.20. The root cause is an unprotected memory-access operation in optee_os that enables a physically proximate attacker to bypass signature verification and install malicious trusted applications thro...

The vulnerability in the execution environment of Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the execution environment for remote process calls in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted data...

OP-TEE Trusted OS Buffer Overflow Vulnerability

OP-TEE Trusted OS is OP-TEE open source an open source trusted execution environment TEE that implements Arm TrustZone technology. A buffer overflow vulnerability exists in OP-TEE Trusted OS versions prior to 3.19.0, which stems from an unvalidated "numparams" parameter that can be exploited to...

CVE-2022-46152

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function cleanupshmrefs is called by both entryinvokecommand and entryopensession. The commands...

Input validation

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function cleanupshmrefs is called by both entryinvokecommand and entryopensession. The commands...

OP-TEE Trusted OS 输入验证错误漏洞

OP-TEE Trusted OS is OP-TEE open source an open source trusted execution environment TEE that implements Arm TrustZone technology. A buffer overflow vulnerability exists in OP-TEE Trusted OS versions prior to 3.19.0, which stems from an unvalidated "numparams" parameter that can be exploited to...

CVE-2022-46152 OP-TEE Trusted OS vulnerable to Improper Validation of Array Index in the cleanup_shm_refs function

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function cleanupshmrefs is called by both entryinvokecommand and entryopensession. The commands...

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

Design/Logic Flaw

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...

CVE-2021-26393

Insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...