CVE-2023-41325 — Double Free in Optee OS

CWE-415 — Double Free2 documents2 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 79.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linaro Op-tee Op-tee Optee OS Debian Optee-os

Timeline

PublishedSep 15

Description

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinaro/op-tee3.20.0 — 3.22.0+1

▶CVEListV5op-tee/optee_os>= 3.20, < 3.22

▶debiandebian/optee-os

Patches

Patch: github.com ↗Patch: github.com ↗

📋Vendor Advisories

Debian

CVE-2023-41325: optee-os - OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-s...↗2023

▶