579 matches found
Stack overflow
On Samsung mobile devices with N7.x software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information PIN, password, or pattern. The Samsung ID is SVE-2017-10733...
CVE-2018-5210
On Samsung mobile devices with N7.x software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information PIN, password, or pattern. The Samsung ID is SVE-2017-10733...
CVE-2018-5210
CVE-2018-5210 affects Samsung mobile devices running Android N (7.x) with Exynos chipsets. The vulnerability is a Trustlet stack overflow in the TEE (Trusted Execution Environment) that can lead to arbitrary code execution within TEE, reported in conjunction with a brute-force attack to obtain un...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
Code injection
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...
Code injection
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000412
OP-TEE (Linaro) versions 2.4.0 and older are vulnerable to a bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. Root cause:LibTomCrypt usage within OP-TEE; affected component is the TEE implementation. Impact: potential exposure of private RSA keys. Exploitation ...
CVE-2017-1000413
CVE-2017-1000413 affects OP-TEE (Linaro) 2.4.0 and older. The root cause is a timing attack in the Montgomery portion of libMPA, enabling a compromised private RSA key. Documented impacts include potential exposure of private key material. Connected sources corroborate the same description; no ex...
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...
CVE-2017-8142
The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...
Design/Logic Flaw
The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...
CVE-2017-8142
CVE-2017-8142 affects Huawei Mate 9 and Mate 9 Pro devices, where the TEE module driver is vulnerable to a Use-After-Free (UAF). The issue occurs on software versions earlier than MHA-AL00BC00B221 and LON-AL00BC00B221. An attacker can entice a user to install a malicious app that spawns multiple ...
CVE-2017-8142
The Trusted Execution Environment TEE module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free UAF vulnerability. An attacker tricks a user into installing a malicious application, and...
Amazon Linux AMI : libtommath / libtomcrypt (ALAS-2017-864)
possible OP-TEE Bleichenbacher attack : The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public...