CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41325 – OP-TEE double free in shdr_verify_signature
https://notcve.org/view.php?id=CVE-2023-41325
15 Sep 2023 — OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s h... • https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a • CWE-415: Double Free •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47549
https://notcve.org/view.php?id=CVE-2022-47549
19 Dec 2022 — An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. Una operación de acceso a memoria desprotegida en optee_os en TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) anterior a 3.20 permite a un adversario físicamente cercano omitir la verificación de firmas... • https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-44641 – Debian Security Advisory 5318-1
https://notcve.org/view.php?id=CVE-2022-44641
18 Nov 2022 — In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11, los usuarios con credenciales válidas pueden enviar solicitudes XMLRPC manipuladas que provocan una expansión recursiva de la entidad XML, lo que provoca un uso excesivo de la memoria en el s... • https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 1CVE-2022-45132
https://notcve.org/view.php?id=CVE-2022-45132
18 Nov 2022 — In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11.1, la ejecución remota de código se puede lograr a través de la plantilla Jinja2 enviada por el usuario.... • https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42902 – Debian Security Advisory 5260-1
https://notcve.org/view.php?id=CVE-2022-42902
13 Oct 2022 — In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. Linaro Automated Validation Architecture (LAVA) versiones anteriores a 2022.10, se presenta una ejecución de código dinámico en el archivo lava_server/lavatable.py. Debido a un saneo inapropiado de la entrada, un usuario anónimo puede forzar ... • https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44149
https://notcve.org/view.php?id=CVE-2021-44149
07 Dec 2021 — An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. Se ha detectado un problema en Trusted Firmware OP-TEE Trusted OS versiones hasta 3.15.0. El controlador CSU de OPTEE-OS para los dispositivos SoC NXP i.MX6UL... • https://github.com/OP-TEE/optee_os/tags •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-36133
https://notcve.org/view.php?id=CVE-2021-36133
07 Dec 2021 — The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. El controlador CSU de OPTEE-OS para los dispositivos NXP i.MX SoC carece de configuración de acceso de seguridad para varios modelos, resultando en una omisión de TrustZone porque el Mundo no Seguro puede llevar a cabo operaciones arb... • https://github.com/f-secure-foundry/advisories/blob/master/Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25052
https://notcve.org/view.php?id=CVE-2019-25052
11 Aug 2021 — In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. En Linaro OP-TEE versiones anteriores a 3.7.0, al usar datos inconsistentes o malformados, es posible llamar a funciones criptográficas de actualización y finalización directamente, causando un bloqueo que podría filtrar información confidencial • https://github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32032
https://notcve.org/view.php?id=CVE-2021-32032
21 May 2021 — In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. En Trusted Firmware-M hasta la versión 1.3.0, limpiar la memoria asignada para una operación criptográfica de varias partes (en caso de fallo) puede impedir que la operación abort() en la biblioteca criptográfica asociada libere recursos inter... • https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/commit/?id=7e2e523a1c4e9ac7b9cc4fd551831f7639ed5ff9 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13799
https://notcve.org/view.php?id=CVE-2020-13799
18 Nov 2020 — Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge o... • https://www.kb.cert.org/vuls/id/231329 • CWE-294: Authentication Bypass by Capture-replay •