Lucene search
+L

188 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/04 12:0 a.m.7 views

The vulnerability of OPTEE, a microprogramming software component for MediaTek chips, allows attackers to enhance their privileges.

The vulnerability of OPTEE microprogramming software components in MediaTek’s chips relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.8CVSS6.8AI score0.00085EPSS
Exploits0References2
OSV
OSV
added 2023/09/15 7:40 p.m.7 views

CVE-2023-41325 OP-TEE double free in shdr_verify_signature

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, shdrverifysignature can make a double free. shdrverifysignature used to verify a TA...

7.4CVSS6.9AI score0.0037EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.7 views

OP-TEE Trusted OS Resource Management Error Vulnerability

OP-TEE Trusted OS is an OP-TEE open source Trusted Execution Environment TEE that implements Arm TrustZone technology. A resource management error vulnerability exists in OP-TEE Trusted OS. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor...

7.4CVSS6.7AI score0.0037EPSS
Exploits1References4
NVD
NVD
added 2023/08/07 4:15 a.m.21 views

CVE-2023-20808

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895...

6.7CVSS6.8AI score0.00085EPSS
Exploits0References1
OSV
OSV
added 2023/08/07 4:15 a.m.4 views

CVE-2023-20808

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895...

6.7CVSS5.9AI score0.00085EPSS
Exploits0References1
Prion
Prion
added 2023/08/07 4:15 a.m.16 views

Out-of-bounds

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895...

4CVSS6.7AI score0.00085EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/07 3:21 a.m.28 views

CVE-2023-20808

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895...

7AI score0.00085EPSS
Exploits0References1
CVE
CVE
added 2023/08/07 3:21 a.m.48 views

CVE-2023-20808

CVE-2023-20808 affects OPTEE on MediaTek chipsets. The vulnerability is an out-of-bounds write caused by a missing bounds check in OPTEE, enabling local escalation of privileges with System execution privileges required and no user interaction needed. Exploitation status is not detailed in the pr...

6.7CVSS6.7AI score0.00085EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/07 3:21 a.m.16 views

CVE-2023-20808

In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895...

7.2AI score0.00085EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.6 views

PT-2023-5633 · Mediatek · Op-Tee

Name of the Vulnerable Software and Affected Versions: OPTEE affected versions not specified Description: The issue is related to a buffer overflow in the OPTEE component of MediaTek chipsets, which could allow an attacker to escalate their privileges. This is due to a missing bounds check, leadi...

6.8CVSS6.9AI score0.00085EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.5 views

SUSE CVE-2016-6129

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

7.5CVSS6.9AI score0.00775EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.7 views

PT-2022-28073 · Trustedfirmware · Op-Tee

Name of the Vulnerable Software and Affected Versions: TrustedFirmware Open Portable Trusted Execution Environment OP-TEE versions prior to 3.20 Description: The issue is related to an unprotected memory-access operation in optee os, allowing a physically proximate adversary to bypass signature...

6.4CVSS6.3AI score0.004EPSS
Exploits1References4
OSV
OSV
added 2021/12/30 2:45 a.m.15 views

GSD-2021-1002841 tee: optee: Fix incorrect page free bug

tee: optee: Fix incorrect page free bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.12 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/12/30 2:44 a.m.12 views

GSD-2021-1002811 tee: optee: Fix incorrect page free bug

tee: optee: Fix incorrect page free bug This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.89 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/12/16 12:0 a.m.11 views

PT-2021-8130 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the optee component of the Linux kernel, where a bug in the page free mechanism can lead to incorrect memory deallocation. This can cause a denial of service. T...

7.8CVSS6.7AI score0.08555EPSS
Exploits10References1637
CNVD
CNVD
added 2021/12/08 12:0 a.m.40 views

NXP i.MX SoC has unspecified vulnerabilities

NXP i.MX SoC is nxp's multi-core solution for multimedia and display applications with scalable, secure and reliable high-performance and low-power features. nXP i.MX SoC devices have a security vulnerability that stems from the OPTEE-OS CSU driver for NXP i.MX SoC devices lacking secure access...

7.1CVSS3.1AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2021/12/07 9:15 p.m.21 views

CVE-2021-36133

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral...

7.1CVSS0.0026EPSS
Exploits0References1
OSV
OSV
added 2021/12/07 9:15 p.m.3 views

CVE-2021-44149

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write...

7.8CVSS5.7AI score0.00339EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/07 9:15 p.m.5 views

CVE-2021-36133

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral...

7.1CVSS6AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2021/12/07 9:15 p.m.3 views

DEBIAN-CVE-2021-36133

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral...

7.1CVSS7.2AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder