CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41325 – OP-TEE double free in shdr_verify_signature
https://notcve.org/view.php?id=CVE-2023-41325
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is opteeās heap memory). • https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm • CWE-415: Double Free •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47549
https://notcve.org/view.php?id=CVE-2022-47549
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. Una operación de acceso a memoria desprotegida en optee_os en TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) anterior a 3.20 permite a un adversario físicamente cercano omitir la verificación de firmas e instalar aplicaciones maliciosas confiables mediante inyecciones de fallos electromagnéticas. • https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g https://people.linaro.org/~joakim.bech/reports/Breaking_cross-world_isolation_on_ARM_TrustZone_through_EM_faults_coredumps_and_UUID_confusion.pdf • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45132
https://notcve.org/view.php?id=CVE-2022-45132
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11.1, la ejecución remota de código se puede lograr a través de la plantilla Jinja2 enviada por el usuario. El endpoint de la API REST para validar archivos de configuración de dispositivos en el servidor lava carga la entrada como una plantilla Jinja2 de una manera que puede usarse para activar la ejecución remota de código en el servidor LAVA. • https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY https://podalirius.net/en/articles/python-vulnerabilities-code-execution-in-jinja-templates • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-44641
https://notcve.org/view.php?id=CVE-2022-44641
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. En Linaro Automated Validation Architecture (LAVA) anterior a 2022.11, los usuarios con credenciales válidas pueden enviar solicitudes XMLRPC manipuladas que provocan una expansión recursiva de la entidad XML, lo que provoca un uso excesivo de la memoria en el servidor y una Denegación de Servicio (DoS). • https://lists.debian.org/debian-lts-announce/2023/01/msg00016.html https://lists.lavasoftware.org/archives/list/lava-announce%40lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY https://www.debian.org/security/2023/dsa-5318 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42902
https://notcve.org/view.php?id=CVE-2022-42902
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. Linaro Automated Validation Architecture (LAVA) versiones anteriores a 2022.10, se presenta una ejecución de código dinámico en el archivo lava_server/lavatable.py. Debido a un saneo inapropiado de la entrada, un usuario anónimo puede forzar al servicio lava-server-gunicorn a ejecutar código proporcionado por el usuario en el servidor • https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834 https://git.lavasoftware.org/lava/lava/-/merge_requests/1834 https://lists.debian.org/debian-lts-announce/2022/11/msg00019.html https://www.debian.org/security/2022/dsa-5260 •