CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13799
https://notcve.org/view.php?id=CVE-2020-13799
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. Western Digital ha identificado una vulnerabilidad de seguridad en el protocolo Replay Protected Memory Block (RPMB), tal como se especifica en múltiples estándares para interfaces de dispositivos de almacenamiento, incluyendo todas las versiones de eMMC, UFS y NVMe. El protocolo RPMB está especificado por los organismos de estándares de la industria y es implementado por los dispositivos de almacenamiento de múltiples proveedores para ayudar a los sistemas anfitriones a asegurar un firmware confiable. • https://www.kb.cert.org/vuls/id/231329 https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010292
https://notcve.org/view.php?id=CVE-2019-1010292
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. OP-TEE versiones anteriores a v3.4.0 de Linaro/OP-TEE, está afectada por: Comprobaciones de límites. • https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010293
https://notcve.org/view.php?id=CVE-2019-1010293
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. Linaro / OP-TEE OP-TEE 3.3.0 y versiones anteriores se ven afectados por: Cruce de límites. • https://github.com/OP-TEE/optee_os/commit/95f36d661f2b75887772ea28baaad904bde96970 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010294
https://notcve.org/view.php?id=CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Error de redondeo. • https://github.com/OP-TEE/optee_os/commit/7e768f8a473409215fe3fff8f6e31f8a3a0103c6 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010295
https://notcve.org/view.php?id=CVE-2019-1010295
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/d5c5b0b77b2b589666024d219a8007b3f5b6faeb • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •