Skip to main content

Op Tee

15 CVEs product

Monthly

CVE-2023-41325 HIGH POC PATCH This Week

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Op Tee
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2022-47549 MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-46152 HIGH POC PATCH This Week

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Op Tee
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-44149 HIGH This Week

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-36133 HIGH This Week

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Op Tee
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2019-25052 CRITICAL PATCH Act Now

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Op Tee
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2020-13799 MEDIUM This Month

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inand Cl Em132 Firmware Inand Ix Em132 Firmware Inand Ix Em132 Xi Firmware Op Tee
NVD VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2019-1010292 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2019-1010298 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-1010297 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-1010296 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.1%
CVE-2019-1010295 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.5%
CVE-2019-1010294 HIGH PATCH This Week

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Op Tee
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2019-1010293 CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
CVE-2018-12437 MEDIUM POC This Month

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libtomcrypt Op Tee
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM POC This Month

An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inand Cl Em132 Firmware Inand Ix Em132 Firmware +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Op Tee
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Op Tee
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM POC This Month

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libtomcrypt Op Tee
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy