Astra Linux - уязвимость в linux, linux-5.10, linux-5.15

There is a use-after-free in iouring in the Linux kernel. The signalfdpoll and binderpoll functions use a waitqueue whose lifetime is the current task. The waitqueue will send a POLLFREE notification to all waiters before it is freed. Unfortunately, the iouring poll does not handle POLFREE. This...

CVE-2025-46733 REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

Secured Encryption Scheme Based on the Ree Groups

An improved design of a cryptosystem based on small Ree groups is proposed. We have changed the encryption algorithm and propose to use a logarithmic signature for the entire Ree group. This approach improves security against sequential key recovery attacks. Hence, the complexity of the key...

Improved MST3 Encryption Scheme Based on Small Ree Groups

This article presents an encryption scheme based on the small Ree groups. We propose utilizing the small Ree group structure to enhance the overall security parameters of the encryption scheme. By extending the logarithmic signature to encompass the entire group and modifying the encryption...

CVE-2019-10608

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...

Information disclosure

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...

CVE-2019-10608

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...

CVE-2020-7958

The CVE-2020-7958 entry concerns OnePlus 7 Pro devices (prior to 10.0.3.GM21BA). A leftover-debug-code issue in the firmware allows a privileged root user in the Rich Execution Environment (REE) to obtain bitmap fingerprint images from the sensor. The root cause is that the Trusted Application (T...