42 matches found
CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
EUVD-2026-41911
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
In this article 1. Risk to enterprise environments 2. Attack chain overview 1. Stage 1: Initial contact via Teams T1566.003 Spearphishing via Service 2. Stage 2: Remote assistance foothold 3. Stage 3: Interactive reconnaissance and access validation 4. Stage 4: Payload placement and trusted...
CVE-2025-47319
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response EDR to chase threats after they have already entered the network, is fundamentally risky and contributes...
EUVD-2017-9426
Malware in sbrugna...
EUVD-2019-5380
Malware in sbrugna...
EUVD-2021-21033
Malware in sbrugna...
EUVD-2020-3532
Malware in sbrugna...
EUVD-2020-5209
Malware in sbrugna...
EUVD-2021-7373
Malicious code in bioql PyPI...
EUVD-2022-50310
Malicious code in bioql PyPI...
Qualcomm Trusted Application Emulation for Fuzzing Testing
In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments TEEs into product designs has become a standard practice for safeguarding sensitive user information...
CVE-2025-21432
CVE-2025-21432 concerns memory corruption while retrieving CBOR data from TA in Qualcomm closed‑source components. The CVSS 3.1 vector indicates LOCAL access with LOW privileges and LOW attack complexity, but HIGH impact across confidentiality, integrity, and availability, yielding a base score o...
CVE-2025-46733
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...
CVE-2025-46733
OP-TEE 4.5.0 is vulnerable to a local, REE userland attack where a malicious tee-supplicant can craft Secure Storage API responses to cause panics in TAs using libutee. The flaw arises because return codes from secure storage operations are unsafely passed from the REE tee-supplicant, through the...
PT-2025-50081
Name of the Vulnerable Software and Affected Versions Qualcomm embedded platform firmware affected versions not specified Description An issue exists in Qualcomm embedded platform firmware related to the disclosure of system data to a controlled area. Exploitation of this issue may allow an...
CVE-2020-11178
Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...