Debian Optee-Os vulnerabilities

16 known vulnerabilities affecting debian/optee-os.

Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, LOW 15

Vulnerabilities

CVE-2025-46733 | HIGH | CVSS 7.9 | fixed in optee-os 4.5.0-2 (forky) | 2025
[HIGH] optee-os: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, spec
CVE-2023-41325 | LOW | CVSS 7.4 | 2023
[HIGH] optee-os: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can cause a double free. `shdr_verify_signature` is used to verify a TA binary before it is loaded. To verify a signature of it, allo
CVE-2022-47549 | LOW | CVSS 6.4 | 2022
[MEDIUM] optee-os: An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2022-46152 | LOW | CVSS 8.2 | 2022
[HIGH] optee-os: OP-TEE Trusted OS is the secure side implementation of the OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0 contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The commands `OPTEE_MSG_CMD_OPEN_SESSION` and `OPTEE_MSG_CMD_INVOKE_COM
CVE-2021-36133 | LOW | CVSS 7.1 | 2021
[HIGH] optee-os: The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA-capable peripheral. Scope: local. forky: open; sid: open; trixie: open.
CVE-2021-44149 | LOW | CVSS 7.8 | 2021
[HIGH] optee-os: An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. Scope: local
CVE-2019-1010295 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010296 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010298 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010297 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010294 | LOW | CVSS 7.5 | 2019
[HIGH] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010293 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-1010292 | LOW | CVSS 9.8 | 2019
[CRITICAL] optee-os: Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2019-25052 | LOW | CVSS 9.1 | 2019
[CRITICAL] optee-os: In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2017-1000412 | LOW | CVSS 7.5 | 2017
[HIGH] optee-os: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to the Bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. Scope: local. forky: resolved; sid: resolved; trixie: resolved.
CVE-2017-1000413 | LOW | CVSS 5.9 | 2017
[MEDIUM] optee-os: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older), is vulnerable to a timing attack in the Montgomery parts of libMPA in OP-TEE, resulting in a compromised private RSA key. Scope: local. forky: resolved; sid: resolved; trixie: resolved.