Linaro Op-Tee vulnerabilities

CVE-2023-41325 [MEDIUM] CWE-415 CVE-2023-41325: OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signa

CVE-2022-47549 [MEDIUM] CWE-347 CVE-2022-47549: An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Executio An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.

CVE-2021-44149 [HIGH] CVE-2021-44149: An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU drive An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.

CVE-2019-25052 [CRITICAL] CWE-327 CVE-2019-25052: In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call updat In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.

CVE-2020-13799 [MEDIUM] CWE-294 CVE-2020-13799: Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist

CVE-2019-1010292 [CRITICAL] CWE-787 CVE-2019-1010292: Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This co Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

CVE-2019-1010295 [CRITICAL] CWE-20 CVE-2019-1010295: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corrup Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2019-1010293 [CRITICAL] CWE-787 CVE-2019-1010293: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corr Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2019-1010298 [CRITICAL] CWE-190 CVE-2019-1010298: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code executio Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2019-1010297 [CRITICAL] CWE-190 CVE-2019-1010297: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2019-1010296 [CRITICAL] CWE-190 CVE-2019-1010296: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code executio Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2019-1010294 [HIGH] CWE-189 CVE-2019-1010294: Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially le Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.

CVE-2018-12437 [MEDIUM] CWE-200 CVE-2018-12437: LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Re LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

CVE-2017-1000412 [HIGH] CWE-200 CVE-2017-1000412: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bell Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.

CVE-2017-1000413 [MEDIUM] CWE-200 CVE-2017-1000413: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing at Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.