Vulnerabilities > Linaro

DATE CVE VULNERABILITY TITLE RISK
2023-09-15 CVE-2023-41325 Unspecified vulnerability in Linaro Op-Tee 3.20.0/3.21.0/3.22.0
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology.
local
low complexity
linaro
6.7
2022-12-19 CVE-2022-47549 Improper Verification of Cryptographic Signature vulnerability in Linaro Op-Tee
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
high complexity
linaro CWE-347
6.4
2022-11-18 CVE-2022-45132 Code Injection vulnerability in Linaro Lava
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template.
network
low complexity
linaro CWE-94
critical
9.8
2022-11-18 CVE-2022-44641 XML Entity Expansion vulnerability in multiple products
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
network
low complexity
linaro debian CWE-776
6.5
2022-10-13 CVE-2022-42902 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py.
network
low complexity
linaro debian
8.8
2021-12-07 CVE-2021-36133 Incorrect Permission Assignment for Critical Resource vulnerability in Linaro Op-Tee
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory.
local
low complexity
linaro CWE-732
7.1
2021-12-07 CVE-2021-44149 Unspecified vulnerability in Linaro Op-Tee
An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0.
local
low complexity
linaro
7.8
2021-08-11 CVE-2019-25052 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Linaro Op-Tee
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
network
low complexity
linaro CWE-327
critical
9.1
2021-05-21 CVE-2021-32032 Memory Leak vulnerability in Linaro Trusted Firmware-M
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
network
low complexity
linaro CWE-401
7.5
2020-11-18 CVE-2020-13799 Authentication Bypass by Capture-replay vulnerability in multiple products
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe.
low complexity
westerndigital linaro CWE-294
6.8