Important: kernel

Issue Overview: A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests. A local user could use this flaw to starve the resources resulting in a denial of service...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploite...

CVE-2021-34405

NVIDIA Linux distributions contain a vulnerability in TrustZone’s TEEMalloc function, where an unchecked return value causing a null pointer dereference may lead to denial of service...

PT-2022-10348 · Nvidia · Linux-Nvidia

Name of the Vulnerable Software and Affected Versions: NVIDIA Linux distributions affected versions not specified Description: The issue is related to an unchecked return value in the TEE Malloc function within TrustZone, which may cause a null pointer dereference. This could potentially lead to ...

Linux kernel 竞争条件问题漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to 5.15.11, which stems from the presence of use-after-free in drivers/tee/teeshm.c in the TEE subsystem.No details of...

PT-2021-5592 · Linux +10 · Linux Kernel +10

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.15.11 Description: A use-after-free exists in the TEE subsystem of the Linux kernel due to a race condition in tee shm get from id during an attempt to free a shared memory object. This issue is related to the...

The vulnerability of the implementation of the NSPE mode for software that creates a trusted execution environment (TEE) in ARM Trusted Firmware-M (TF-M) allows a attacker to trigger a service failure or gain unauthorized access to protected information.

The vulnerability of the implementation of the NSPE mode for software that creates a trusted execution environment TEE in ARM Trusted Firmware-M TF-M is related to data writing outside of the buffer. Exploiting this vulnerability can allow an attacker to cause a service failure or gain unauthoriz...

CVE-2021-25500

A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise...

PT-2021-16690 · Hdcp Ldfw · Hdcp Ldfw

Name of the Vulnerable Software and Affected Versions: HDCP LDFW versions prior to SMR Nov-2021 Release 1 Description: A missing input validation in HDCP LDFW allows attackers to overwrite TZASC, which can lead to TEE compromise. Recommendations: For versions prior to SMR Nov-2021 Release 1, upda...

SAMSUNG Mobile devices 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A buffer error vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Nov-2021 Release 1, which stems from a lack of input validation in HDCP LDFW,...

CVE-2021-25476

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE...

Samsung SMR 安全漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which stems from information leakage in the Widevine TA logs, allowing an attacker to exploit t...

PT-2021-16660 · Unknown · Teegris Secure Os

Name of the Vulnerable Software and Affected Versions: TEEGRIS secure OS versions prior to SMR Oct-2021 Release 1 Description: The issue is related to an improper caller check logic of SMC call in the TEEGRIS secure OS, which can be used to compromise the Trusted Execution Environment TEE...

Honeywell Experion PKS和Honeywell Ace Controllers 注入漏洞

Honeywell Experion PKS and Honeywell Ace Controllers are both products of Honeywell, Inc. Honeywell Experion PKS is a process automation system. Honeywell Ace Controllers are used to execute Honeywell's Control Execution Environment Cee on a server-grade computer platform. Honeywell Ace Controlle...

Why the Raspberry Pi isn’t suitable for IoT

Let’s start by praising the Raspberry Pi: it has brought cheap computing to many, has inspired and enabled education and undoubtedly been a huge benefit. I use my own Pi daily, and we have often used its flexibility to perform hardware testing, from accessing UART to reading flash memory. So why ...

OESA-2021-1251 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: An unlimited recursion in DxeCore in EDK II.CVE-2021-28210...

Google Asylo 安全漏洞

Google Asylo is a framework for the development of trusted applications from Google USA. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in asylo, which stems from the ability to modify an...

Google Asylo 安全漏洞

Google Asylo is a framework for the development of trusted applications from Google USA. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation. A security vulnerability exists in asylo that stems from the ability to modify...

The vulnerability of the execution environment for remote process calls in the Windows operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the execution environment for remote process execution in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Qualcomm QTEE Information Disclosure Vulnerability

Qualcomm QTEE is a key component of a Qualcomm processor from Qualcomm Incorporated. provides a trusted execution environment. An information disclosure vulnerability exists in Qualcomm QTEE that stems from improper use of memset...