29 matches found
CVE-2018-12437
CVE-2018-12437 affects LibTomCrypt up to 1.18.1, enabling a memory-cache side-channel attack to extract ECDSA keys when an attacker has local access or co-residency on the same host. Mitigation in affected packages is to upgrade LibTomCrypt (e.g., Fedora/Mageia advisories show fixes in 1.18.2+) t...
CVE-2019-1010292
CVE-2019-1010292 affects Linaro/OP-TEE OP-TEE (optee_os). The vulnerability is in boundary checks, which could lead to corruption of any memory the TA can access. Impact: memory corruption within TA-accessible memory. Fixed in: v3.4.0. CVSS (NVD v3.0): 9.8 (CRITICAL), network-attack vector, low c...
CVE-2022-46152
CVE-2022-46152 affects OP-TEE Trusted OS versions before 3.19.0. The root cause is improper validation of the num_params argument in cleanup_shm_refs(), which is called from entry_invoke_command() and entry_open_session(). An attacker in the normal world with permission to execute OP-TEE SMCs can...
CVE-2020-13799
CVE-2020-13799 describes a vulnerability in the Replay Protected Memory Block (RPMB) protocol used by storage interfaces (eMMC/UFS/NVMe). The issue arises when an attacker can affect the RPMB state without the knowledge of the trusted component that uses RPMB, across multiple standards, potential...
CVE-2016-6129
CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...
CVE-2019-1010297
CVE-2019-1010297 affects Linaro/OP-TEE OP-TEE, specifically the optee_os component. The vulnerability is a buffer overflow in OP-TEE 3.3.0 and earlier, which can lead to execution of code in the TEE core (kernel) context. The fixed version is 3.4.0 and later. This entry is supported by multiple c...
CVE-2019-1010298
CVE-2019-1010298 affects Linaro OP-TEE OP-TEE up to version 3.3.0. The vulnerability is a buffer overflow in the optee_os component, allowing code execution in the context of the TEE core (kernel). The fixed version is 3.4.0 and later. All provided connected documents corroborate the same affecte...
CVE-2019-25052
The CVE-2019-25052 issue affects Linaro OP-TEE up to versions before 3.7.0. Root cause: processing inconsistent or malformed data allows calling update and final cryptographic functions directly. Impact: a crash that could leak sensitive information. Exploitation details or in-the-wild usage are ...
CVE-2022-47549
The vulnerability CVE-2022-47549 affects OP-TEE within TrustedFirmware (OP-TEE) prior to version 3.20. The root cause is an unprotected memory-access operation in optee_os that enables a physically proximate attacker to bypass signature verification and install malicious trusted applications thro...
CVE-2019-1010295
CVE-2019-1010295 affects Linaro OP-TEE OP-TEE
CVE-2019-1010296
Summary: CVE-2019-1010296 affects Linaro OP-TEE (OP-TEE OS) prior to version 3.4.0, with a buffer overflow in optee_os that enables code execution in the TEE core (kernel) context . The vulnerable line-item is the OP-TEE 3.3.0 and earlier releases. Impact is high/critical per CVSS: complete compr...
CVE-2021-36133
The CVE-2021-36133 entry concerns the OPTEE-OS CSU driver for NXP i.MX SoC devices. The root issue is a lack of proper security access configuration for several models, enabling a TrustZone bypass where the NonSecure World can perform arbitrary reads/writes of Secure World memory via a DMA-capabl...
CVE-2019-1010293
OP-TEE OP-TEE (optee_os) 3.3.0 and earlier is affected by a boundary-crossing issue that can lead to memory corruption of the TEE. Affected component: optee_os. Fixed in version 3.4.0 and later. The CVE describes the impact as memory corruption within the TEE; no exploitation details are provided...
CVE-2019-1010294
The CVE affects Linaro/OP-TEE OP-TEE 3.3.0 and earlier in optee_os due to a rounding error. Impact: potentially leaking code and/or data from a previous Trusted Application. Fixed in 3.4.0 and later. Remediation: upgrade to OP-TEE 3.4.0+ or apply equivalent fixes. Note: connected sources consiste...
CVE-2021-44149
CVE-2021-44149 affects Trusted Firmware OP-TEE Trusted OS up to version 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoCs lacks proper secure access configuration for wakeup-related registers, enabling a TrustZone bypass where a NonSecure World process can perform arbitrary reads/writes of Sec...
CVE-2026-40290
OP-TEE (Trusted Execution Environment) on Arm Cortex-A with TrustZone suffers a Use-After-Free race in FF-A shared-memory teardown when OP-TEE is configured as an SPMC for S-EL0 SPs (CFG_SECURE_PARTITION=y). The bug lies in sp_mem_remove() not acquiring the global sp_mem_lock before freeing entri...
CVE-2023-41325
OP-TEE (Trusted Execution Environment) has a double-free condition in shdr_verify_signature across versions 3.20–3.21, triggered during RSA key memory allocation in sw_crypto_acipher_alloc_rsa_public_key when verifying a TA binary signature. The bug can free memory twice (e) due to non-atomic all...
CVE-2026-45614
OP-TEE up to version 4.10.x is vulnerable in ECDH shared secret paths where the public key isn’t verified as a valid curve point. An attacker with local access can inject ~30–40 crafted public keys to force key derivation (TEE_DeriveKey) and leak d mod r across calls, enabling recovery of the pri...
CVE-2026-33317
OP-TEE is affected by a vulnerability in PKCS#11 support: versions 3.13.0–4.10.0 contain missing checks in entry_get_attribute_value() (ta/pkcs11/src/object.c), enabling an out-of-bounds read from the PKCS#11 TA heap and potentially memory corruption when combined with an OOB read. This can allow...
CVE-2026-45702
OP-TEE OS contains a type confusion in the SPMC tmem path when processing an FFA_MEM_SHARE request, affecting 4.3.0 through prior to 4.11.0 for systems configured with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. This can impact availability (kernel/OP-TEE stability) with no reported confiden...
CVE-2026-33662
OP-TEE (Trusted Execution Environment) has a concrete vulnerability in RSASSA PKCS#1 v1.5 padding. Affected versions are 3.8.0–4.10; the padding size (PS) is computed as modulus size minus digest/EMSA fields in emsa_pkcs1_v1_5_encode() (rsassa.c). If the modulus is small enough, this subtraction ...
CVE-2026-40257
CVE-2026-40257 affects OP-TEE (Trusted Execution Environment) for Cortex-A with TrustZone. From versions 3.21.0 up to, but not including, 4.11.0, the ARM Crypto Extensions accelerated SHA-3 implementation has an off-by-one error that can cause a massive heap overflow, corrupting all TEE kernel me...
CVE-2026-41434
OP-TEE (a TEE for Arm TrustZone) has an unbounded recursion in sanitize_client_object() that can crash the PKCS#11 trusted app. Affected versions are 3.10.0 up to, but not including, 4.11.0. Version 4.11.0 contains the patch. No public workarounds are documented. This CVE affects the PKCS#11 TA a...
CVE-2026-53763
OP-TEE core AES-GCM is vulnerable to a 32-bit integer overflow in its length counters, affecting the authentication tag after processing more than 512 MB of payload or AAD. Affected versions are 3.0.0 up to, but not including, 4.11.0; the issue is resolved in version 4.11.0 with a patch. No publi...
CVE-2026-41515
OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) has a vulnerability in the RSA-OAEP decryption path within the NXP CAAM crypto driver. From version 3.9.0 up to, but not including, 4.11.0, the driver uses non-constant-time memcmp() for label hash verification, exposing a Manger-s...
CVE-2026-44362
OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...
CVE-2026-42546
OP-TEE (Trusted Execution Environment for Arm TrustZone) prior to version 4.11.0 contains a resource leak in the shared memory cleanup path. Specifically, cleanup_shm_refs() in core/tee/entry_std.c fails to apply the OPTEE_MSG_ATTR_TYPE_MASK to parameter attributes when processing non-contiguous ...
CVE-2026-41514
OP-TEE affects Cortex-A TrustZone, with RSA-OAEP decryption in the Hisilicon HPRE driver vulnerable from v4.5.0 up to v4.11.0 due to non-constant-time memcmp() in label hash verification and multiple distinct error paths. This creates a padding oracle allowing plaintext recovery on ~1,000–2,000 a...
CVE-2026-41516
OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) contains a vulnerability in the Hisilicon HPRE PKCS#1 v1.5 RSA decryption path. From version 4.5.0 up to, but not including, 4.11.0, the RSA PKCS#1 v1.5 decryption implementation uses non-constant-time memcmp() for label hash verif...