CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

CVE-2026-45329

ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1050)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : media: uvcvideo: Handle cameras with invalid descriptorsCVE-2023-53437 scsi: target: iscsi: Fix a race condition between loginwork and the login...

EUVD-2019-11147

Malware in sbrugna...

EUVD-2024-54273

Malicious code in bioql PyPI...

SUSE CVE-2025-39865

In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in teeshmput teeshmput have NULL pointer dereference: opteedisableshmcache -- shm = regpairtoptr...;//shm maybe return NULL teeshmfreeshm; -- teeshmputshm;//crash Add check in teeshmput to fix it...

CVE-2024-56187

In ppcfwdenysecdramaccess of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

Google Pixel Logic Error Vulnerability (CNVD-2025-05455)

Google Pixel is a smartphone from the American company Google Google. Google Pixel suffers from a logic error vulnerability that originates from a code logic error in ppcfw.c's ppcfwdenysecdramaccess, which can be exploited by an attacker to cause an arbitrary read from the TEE memory without...

CVE-2024-56187

In ppcfwdenysecdramaccess of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-56187

CVE-2024-56187 involves a logic error in Google Pixel’s ppcfw_deny_sec_dram_access (ppcfw.c) that allows an arbitrary read of TEE memory, enabling local information disclosure with System privileges and no user interaction required. Affected: Pixel devices; root cause: logic flaw in memory access...

CVE-2024-56187

In ppcfwdenysecdramaccess of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

PUB-A-306032268

In ppcfwdenysecdramaccess of ppcfw.c, there is a possible arbitrary read from TEE memory due to a logic error in the code. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2021-46795

A Time-of-check to time-of-use TOCTOU vulnerability exists in hw. This flaw allows an attacker to use a compromised BIOS to cause the trusted execution environment TEE operating system to read memory out-of-bounds, potentially resulting in a denial of service. Mitigation Please contact AMD for mo...

Heap overflow

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ...