CVE-2021-26393

CVE-2021-26393 describes insufficient memory cleanup in the AMD Secure Processor (ASP) TEE, which could allow an authenticated user with privileges to generate a valid signed TA and potentially poison process memory, leading to confidentiality loss. The connected AMD security bulletin (AMD-SB-500...

AMD Secure Processor 安全漏洞

AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from UltraMicroelectronics AMD. A security vulnerability exists in AMD Secure Processor ASP that stems from inadequate memory cleanup in the Trusted Execution Environment TEE, which could allow an authenticated attacker to have the...

PT-2022-9757 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified Description: The issue is related to insufficient memory cleanup in the AMD Secure Processor ASP Trusted Execution Environment TEE. This may allow an authenticated attacker with...

Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-199)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-199 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

The vulnerability of the Juniper GraphQL execution environment library, related to an uncontrolled recursion, allows a attacker to cause a service failure.

The vulnerability of the Juniper GraphQL execution environment library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...

多款Acer产品缓冲区错误漏洞

Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...

SAMSUNG mTower 缓冲区错误漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from an "incorrect length buffer access" vulnerability in the TEECipherUpdate function that could allow a trusted application ...

SAMSUNG mTower 代码问题漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from a vulnerable null pointer dereference in its TEEMACCompareFinal function that allows a trusted application to trigger a...

SAMSUNG mTower 安全漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from an over-valued memory allocation in its TEERealloc function that allows a trusted application to trigger a denial of...

SAMSUNG mTower 缓冲区错误漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower versions prior to 0.3.0, which stems from a vulnerable buffer access with an incorrect length value in its TEEMACUpdate function that allows a trusted application ...

PT-2022-25522 · Samsung · Samsung Mtower

Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue allows a trusted application to trigger a Denial of Service DoS by invoking the function TEE AllocateOperation with a disturbed heap layout, related to utee cryp obj alloc. This...

SAMSUNG mTower 输入验证错误漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability in SAMSUNG mTower versions prior to 0.3.0, which stems from an incorrect input validation vulnerability in its teeobjfree function, allows a trusted application to trigger a denial of...

CVE-2022-26454

In teei, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664701; Issue ID: ALPS06664701...

SAMSUNG mTower 安全漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower 0.3.0 and earlier versions, which stems from a denial of service due to a lack of checking of the ECKEYsetprivatekey return value in signpFwInfo...

SAMSUNG mTower 代码问题漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower v0.3.0 and earlier versions, which originates from the inclusion of a NULL pointer dereference via the TEEGetObjectInfo1 function...

PT-2022-23515 · Samsung · Mtower

Name of the Vulnerable Software and Affected Versions: Samsung Electronics mTower versions 0.3.0 and earlier Description: The issue is related to a NULL pointer dereference via the function TEE GetObjectInfo1. This indicates a problem where the software attempts to access memory through a null, o...

SAMSUNG mTower 代码问题漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower version v0.3.0 and prior versions, which originates from the discovery of a NULL pointer dereference via the function TEEAllocateTransientObject...

CVE-2022-38155

TEEMalloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash...

SAMSUNG mTower 安全漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower version 0.3.0 and prior versions, which stems from a TEEMalloc that allows a trusted application to over-allocate memory by using large len values...

SAMSUNG mTower 安全漏洞

SAMSUNG mTower is a new Trusted Execution Environment TEE from Samsung South Korea. A security vulnerability exists in SAMSUNG mTower version 0.3.0, which stems from the TEEPopulateTransientObject and uteefromattr functions that allow a trusted application to call the function...