Lucene search
+L
TrustedfirmwareOp-tee

29 matches found

cve
cve
added 2018/06/15 2:0 a.m.106 views

CVE-2018-12437

CVE-2018-12437 affects LibTomCrypt up to 1.18.1, enabling a memory-cache side-channel attack to extract ECDSA keys when an attacker has local access or co-residency on the same host. Mitigation in affected packages is to upgrade LibTomCrypt (e.g., Fedora/Mageia advisories show fixes in 1.18.2+) t...

4.9CVSS4.8AI score0.0054EPSS
cve
cve
added 2019/07/16 1:18 p.m.96 views

CVE-2019-1010292

CVE-2019-1010292 affects Linaro/OP-TEE OP-TEE (optee_os). The vulnerability is in boundary checks, which could lead to corruption of any memory the TA can access. Impact: memory corruption within TA-accessible memory. Fixed in: v3.4.0. CVSS (NVD v3.0): 9.8 (CRITICAL), network-attack vector, low c...

9.8CVSS9.5AI score0.0154EPSS
cve
cve
added 2022/11/29 12:0 a.m.77 views

CVE-2022-46152

CVE-2022-46152 affects OP-TEE Trusted OS versions before 3.19.0. The root cause is improper validation of the num_params argument in cleanup_shm_refs(), which is called from entry_invoke_command() and entry_open_session(). An attacker in the normal world with permission to execute OP-TEE SMCs can...

8.8CVSS8.8AI score0.00466EPSS
cve
cve
added 2020/11/18 9:12 p.m.74 views

CVE-2020-13799

CVE-2020-13799 describes a vulnerability in the Replay Protected Memory Block (RPMB) protocol used by storage interfaces (eMMC/UFS/NVMe). The issue arises when an attacker can affect the RPMB state without the knowledge of the trusted component that uses RPMB, across multiple standards, potential...

6.8CVSS7.3AI score0.00291EPSS
cve
cve
added 2017/02/13 6:0 p.m.67 views

CVE-2016-6129

CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...

7.5CVSS7.3AI score0.00775EPSS
cve
cve
added 2019/07/15 5:22 p.m.66 views

CVE-2019-1010297

CVE-2019-1010297 affects Linaro/OP-TEE OP-TEE, specifically the optee_os component. The vulnerability is a buffer overflow in OP-TEE 3.3.0 and earlier, which can lead to execution of code in the TEE core (kernel) context. The fixed version is 3.4.0 and later. This entry is supported by multiple c...

10CVSS9.6AI score0.02723EPSS
cve
cve
added 2019/07/15 5:20 p.m.65 views

CVE-2019-1010298

CVE-2019-1010298 affects Linaro OP-TEE OP-TEE up to version 3.3.0. The vulnerability is a buffer overflow in the optee_os component, allowing code execution in the context of the TEE core (kernel). The fixed version is 3.4.0 and later. All provided connected documents corroborate the same affecte...

10CVSS9.6AI score0.03848EPSS
cve
cve
added 2021/08/11 2:59 p.m.63 views

CVE-2019-25052

The CVE-2019-25052 issue affects Linaro OP-TEE up to versions before 3.7.0. Root cause: processing inconsistent or malformed data allows calling update and final cryptographic functions directly. Impact: a crash that could leak sensitive information. Exploitation details or in-the-wild usage are ...

9.1CVSS9AI score0.00868EPSS
cve
cve
added 2022/12/19 12:0 a.m.63 views

CVE-2022-47549

The vulnerability CVE-2022-47549 affects OP-TEE within TrustedFirmware (OP-TEE) prior to version 3.20. The root cause is an unprotected memory-access operation in optee_os that enables a physically proximate attacker to bypass signature verification and install malicious trusted applications thro...

6.4CVSS6.4AI score0.004EPSS
cve
cve
added 2019/07/15 5:25 p.m.57 views

CVE-2019-1010295

CVE-2019-1010295 affects Linaro OP-TEE OP-TEE

9.8CVSS9.5AI score0.01616EPSS
cve
cve
added 2019/07/15 5:24 p.m.53 views

CVE-2019-1010296

Summary: CVE-2019-1010296 affects Linaro OP-TEE (OP-TEE OS) prior to version 3.4.0, with a buffer overflow in optee_os that enables code execution in the TEE core (kernel) context . The vulnerable line-item is the OP-TEE 3.3.0 and earlier releases. Impact is high/critical per CVSS: complete compr...

10CVSS9.6AI score0.02777EPSS
cve
cve
added 2021/12/07 8:42 p.m.52 views

CVE-2021-36133

The CVE-2021-36133 entry concerns the OPTEE-OS CSU driver for NXP i.MX SoC devices. The root issue is a lack of proper security access configuration for several models, enabling a TrustZone bypass where the NonSecure World can perform arbitrary reads/writes of Secure World memory via a DMA-capabl...

7.1CVSS7AI score0.0026EPSS
cve
cve
added 2019/07/15 5:29 p.m.51 views

CVE-2019-1010293

OP-TEE OP-TEE (optee_os) 3.3.0 and earlier is affected by a boundary-crossing issue that can lead to memory corruption of the TEE. Affected component: optee_os. Fixed in version 3.4.0 and later. The CVE describes the impact as memory corruption within the TEE; no exploitation details are provided...

9.8CVSS9.7AI score0.0154EPSS
cve
cve
added 2019/07/15 5:27 p.m.47 views

CVE-2019-1010294

The CVE affects Linaro/OP-TEE OP-TEE 3.3.0 and earlier in optee_os due to a rounding error. Impact: potentially leaking code and/or data from a previous Trusted Application. Fixed in 3.4.0 and later. Remediation: upgrade to OP-TEE 3.4.0+ or apply equivalent fixes. Note: connected sources consiste...

7.5CVSS7.6AI score0.01408EPSS
cve
cve
added 2021/12/07 8:59 p.m.45 views

CVE-2021-44149

CVE-2021-44149 affects Trusted Firmware OP-TEE Trusted OS up to version 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoCs lacks proper secure access configuration for wakeup-related registers, enabling a TrustZone bypass where a NonSecure World process can perform arbitrary reads/writes of Sec...

7.8CVSS7.7AI score0.00339EPSS
cve
cve
added 2026/06/03 4:45 p.m.45 views

CVE-2026-40290

OP-TEE (Trusted Execution Environment) on Arm Cortex-A with TrustZone suffers a Use-After-Free race in FF-A shared-memory teardown when OP-TEE is configured as an SPMC for S-EL0 SPs (CFG_SECURE_PARTITION=y). The bug lies in sp_mem_remove() not acquiring the global sp_mem_lock before freeing entri...

7.8CVSS5.8AI score0.00187EPSS
cve
cve
added 2023/09/15 7:40 p.m.41 views

CVE-2023-41325

OP-TEE (Trusted Execution Environment) has a double-free condition in shdr_verify_signature across versions 3.20–3.21, triggered during RSA key memory allocation in sw_crypto_acipher_alloc_rsa_public_key when verifying a TA binary signature. The bug can free memory twice (e) due to non-atomic all...

7.4CVSS6.7AI score0.0037EPSS
cve
cve
added 2026/06/03 5:53 p.m.29 views

CVE-2026-45614

OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...

4.7CVSS5.8AI score0.00096EPSS
cve
cve
added 2026/04/24 2:20 a.m.26 views

CVE-2026-33317

OP-TEE is affected by a vulnerability in PKCS#11 support: versions 3.13.0–4.10.0 contain missing checks in entry_get_attribute_value() (ta/pkcs11/src/object.c), enabling an out-of-bounds read from the PKCS#11 TA heap and potentially memory corruption when combined with an OOB read. This can allow...

8.7CVSS5.9AI score0.00183EPSS
cve
cve
added 2026/06/03 5:55 p.m.23 views

CVE-2026-45702

OP-TEE OS contains a type confusion in the SPMC tmem path when processing an FFA_MEM_SHARE request, affecting 4.3.0 through prior to 4.11.0 for systems configured with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. This can impact availability (kernel/OP-TEE stability) with no reported confiden...

5.5CVSS5.8AI score0.00155EPSS
cve
cve
added 2026/04/24 6:13 p.m.16 views

CVE-2026-33662

OP-TEE (Trusted Execution Environment) has a concrete vulnerability in RSASSA PKCS#1 v1.5 padding. Affected versions are 3.8.0–4.10; the padding size (PS) is computed as modulus size minus digest/EMSA fields in emsa_pkcs1_v1_5_encode() (rsassa.c). If the modulus is small enough, this subtraction ...

7.5CVSS5.5AI score0.00403EPSS
cve
cve
added 2026/07/06 4:26 p.m.16 views

CVE-2026-40257

CVE-2026-40257 affects OP-TEE (Trusted Execution Environment) for Cortex-A with TrustZone. From versions 3.21.0 up to, but not including, 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow, corrupting all TEE kernel me...

5.5CVSS6AI score0.00109EPSS
cve
cve
added 2026/07/06 5:24 p.m.16 views

CVE-2026-41434

OP-TEE (a TEE for Arm TrustZone) has an unbounded recursion in sanitize_client_object() that can crash the PKCS#11 trusted app. Affected versions are 3.10.0 up to, but not including, 4.11.0. Version 4.11.0 contains the patch. No public workarounds are documented. This CVE affects the PKCS#11 TA a...

3.3CVSS6AI score0.00105EPSS
cve
cve
added 2026/07/06 7:35 p.m.16 views

CVE-2026-53763

OP-TEE core AES-GCM is vulnerable to a 32-bit integer overflow in its length counters, affecting the authentication tag after processing more than 512 MB of payload or AAD. Affected versions are 3.0.0 up to, but not including, 4.11.0; the issue is resolved in version 4.11.0 with a patch. No publi...

3.8CVSS6AI score0.00149EPSS
cve
cve
added 2026/07/06 7:25 p.m.15 views

CVE-2026-41515

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) has a vulnerability in the RSA-OAEP decryption path within the NXP CAAM crypto driver. From version 3.9.0 up to, but not including, 4.11.0, the driver uses non-constant-time memcmp() for label hash verification, exposing a Manger-s...

3.3CVSS6AI score0.00094EPSS
cve
cve
added 2026/07/06 7:33 p.m.15 views

CVE-2026-44362

OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...

5.5CVSS6AI score0.00122EPSS
cve
cve
added 2026/07/06 7:31 p.m.14 views

CVE-2026-42546

OP-TEE (Trusted Execution Environment for Arm TrustZone) prior to version 4.11.0 contains a resource leak in the shared memory cleanup path. Specifically, cleanup_shm_refs() in core/tee/entry_std.c fails to apply the OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes when processing non-contiguous ...

3.8CVSS6AI score0.00105EPSS
cve
cve
added 2026/07/06 7:6 p.m.13 views

CVE-2026-41514

OP-TEE affects Cortex-A TrustZone, with RSA-OAEP decryption in the Hisilicon HPRE driver vulnerable from v4.5.0 up to v4.11.0 due to non-constant-time memcmp() in label hash verification and multiple distinct error paths. This creates a padding oracle allowing plaintext recovery on ~1,000–2,000 a...

3.3CVSS6AI score0.00095EPSS
cve
cve
added 2026/07/06 7:27 p.m.9 views

CVE-2026-41516

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) contains a vulnerability in the Hisilicon HPRE PKCS#1 v1.5 RSA decryption path. From version 4.5.0 up to, but not including, 4.11.0, the RSA PKCS#1 v1.5 decryption implementation uses non-constant-time memcmp() for label hash verif...

3.3CVSS6AI score0.00099EPSS