CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47549
https://notcve.org/view.php?id=CVE-2022-47549
19 Dec 2022 — An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. Una operación de acceso a memoria desprotegida en optee_os en TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) anterior a 3.20 permite a un adversario físicamente cercano omitir la verificación de firmas... • https://github.com/OP-TEE/optee_os/security/advisories/GHSA-r64m-h886-hw6g • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44149
https://notcve.org/view.php?id=CVE-2021-44149
07 Dec 2021 — An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. Se ha detectado un problema en Trusted Firmware OP-TEE Trusted OS versiones hasta 3.15.0. El controlador CSU de OPTEE-OS para los dispositivos SoC NXP i.MX6UL... • https://github.com/OP-TEE/optee_os/tags •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-25052
https://notcve.org/view.php?id=CVE-2019-25052
11 Aug 2021 — In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. En Linaro OP-TEE versiones anteriores a 3.7.0, al usar datos inconsistentes o malformados, es posible llamar a funciones criptográficas de actualización y finalización directamente, causando un bloqueo que podría filtrar información confidencial • https://github.com/OP-TEE/optee_os/commit/34a08bec755670ea0490cb53bbc68058cafc69b6 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-13799
https://notcve.org/view.php?id=CVE-2020-13799
18 Nov 2020 — Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge o... • https://www.kb.cert.org/vuls/id/231329 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010292
https://notcve.org/view.php?id=CVE-2019-1010292
16 Jul 2019 — Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. OP-TEE versiones anteriores a v3.4.0 de Linaro/OP-TEE, está afectada por: Comprobaciones de límites. • https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010293
https://notcve.org/view.php?id=CVE-2019-1010293
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. Linaro / OP-TEE OP-TEE 3.3.0 y versiones anteriores se ven afectados por: Cruce de límites. • https://github.com/OP-TEE/optee_os/commit/95f36d661f2b75887772ea28baaad904bde96970 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010294
https://notcve.org/view.php?id=CVE-2019-1010294
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Error de redondeo. • https://github.com/OP-TEE/optee_os/commit/7e768f8a473409215fe3fff8f6e31f8a3a0103c6 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010295
https://notcve.org/view.php?id=CVE-2019-1010295
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/d5c5b0b77b2b589666024d219a8007b3f5b6faeb • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1010296
https://notcve.org/view.php?id=CVE-2019-1010296
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1010297
https://notcve.org/view.php?id=CVE-2019-1010297
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/a637243270fc1faae16de059091795c32d86e65e • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •