Page 3 of 16 results (0.003 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/a637243270fc1faae16de059091795c32d86e65e • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/RKX1209/CVE-2019-1010298 https://github.com/OP-TEE/optee_os/commit/70697bf3c5dc3d201341b01a1a8e5bc6d2fb48f8 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 1

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. LibTomCrypt hasta la versión 1.18.1 permite un ataque de canal lateral por caché de memoria en las firmas DSA y ECDSA. Esto también se conoce como Return Of the Hidden Number Problem (ROHNP). Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • https://security.gentoo.org/glsa/202007-53 https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key. La solución TEE de código libre de Linaro llamada OP-TEE, en su versión 2.4.0 y anteriores, es vulnerable al ataque bellcore en el código LibTomCrypt. Esto resulta en el compromiso de la clave RSA privada. • https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md https://github.com/OP-TEE/optee_os/pull/1610 https://www.op-tee.org/security-advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •