34 matches found
CVE-2026-42546
OP-TEE (Trusted Execution Environment for Arm TrustZone) prior to version 4.11.0 contains a resource leak in the shared memory cleanup path. Specifically, cleanup_shm_refs() in core/tee/entry_std.c fails to apply the OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes when processing non-contiguous ...
PT-2026-55975
Name of the Vulnerable Software and Affected Versions OP-TEE versions 3.3.0 through 4.10.x Description A resource leak exists in the shared memory cleanup logic of OP-TEE, a Trusted Execution Environment designed for Arm Cortex-A cores using TrustZone technology. The function cleanup shm refs in...
CVE-2025-25176 GPU DDK - GPU Register value contents leaked from secure workloads to non-secure world
Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform...
Modern IOS Security Features -- a Deep Dive into SPTM, TXM, and Exclaves
The XNU kernel is the basis of Apple's operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has...
EUVD-2017-6506
Malware in sbrugna...
EUVD-2020-8234
Malware in sbrugna...
EUVD-2018-3299
Malware in sbrugna...
EUVD-2018-3963
Malware in sbrugna...
EUVD-2022-25844
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-36133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure Wor...
CVE-2023-48405
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2020-16273
In Arm software implementing the Armv8-M processors all versions, the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the sta...
CVE-2023-48405
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-48405
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
PT-2023-30825 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is caused by a logic error in the code, allowing the secure world to write to NS memory. This could lead to local escalation of privilege, wit...
PUB-A-293298397
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
Input validation
In pagenumber of sharedmem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
CVE-2022-20584
In pagenumber of sharedmem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
CVE-2022-20584
In pagenumber of sharedmem.c, there is a possible code execution in secure world due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...
PT-2022-14790 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to improper input validation in the page number of shared mem.c, which could lead to code execution in the secure world. This may result in local escalation of privilege without requiring...