Op Tee
CVE-2019-1010297
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
AnalysisAI
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. Affected products include: Trustedfirmware Op-Tee.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high sever
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TE
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this v
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulne
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptogr
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden N
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Rated high severity (CVSS 7.8), this vulne
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. Rated high severity (CVSS 7.5), this vulnerabilit
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today