Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Linaro Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44149 2 Linaro, Nxp 2 Op-tee, I.mx 6ultralite 2022-07-12 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle.
CVE-2021-36133 2 Linaro, Nxp 7 Op-tee, I.mx6sx, I.mx 6 and 4 more 2021-12-09 3.6 LOW 7.1 HIGH
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2021-32032 1 Linaro 1 Trusted Firmware-m 2021-05-27 5.0 MEDIUM 7.5 HIGH
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
CVE-2018-12565 2 Debian, Linaro 2 Debian Linux, Lava 2019-09-18 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
CVE-2019-1010294 1 Linaro 1 Op-tee 2019-07-16 5.0 MEDIUM 7.5 HIGH
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVE-2017-1000412 1 Linaro 1 Op-tee 2018-01-17 5.0 MEDIUM 7.5 HIGH
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.