Op Tee
CVE-2019-25052
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
AnalysisAI
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-327. In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Affected products include: Trustedfirmware Op-Tee. Version information: before 3.7.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high sever
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Corte
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TE
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnera
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this v
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulne
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden N
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Rated high severity (CVSS 7.8), this vulne
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. Rated high severity (CVSS 7.5), this vulnerabilit
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today