Vulnerabilities > Linaro
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-41325 | Double Free vulnerability in Linaro Op-Tee 3.20.0/3.21.0/3.22.0 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. | 6.7 |
| 2022-12-19 | CVE-2022-47549 | Improper Verification of Cryptographic Signature vulnerability in Linaro Op-Tee An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. | 6.4 |
| 2022-11-18 | CVE-2022-45132 | Code Injection vulnerability in Linaro Lava In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. | 9.8 |
| 2022-11-18 | CVE-2022-44641 | XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 6.5 |
| 2022-10-13 | CVE-2022-42902 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. | 8.8 |
| 2021-12-07 | CVE-2021-36133 | Incorrect Permission Assignment for Critical Resource vulnerability in Linaro Op-Tee The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. | 7.1 |
| 2021-12-07 | CVE-2021-44149 | Unspecified vulnerability in Linaro Op-Tee An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. | 7.8 |
| 2021-08-11 | CVE-2019-25052 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Linaro Op-Tee In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | 9.1 |
| 2021-05-21 | CVE-2021-32032 | Memory Leak vulnerability in Linaro Trusted Firmware-M In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | 7.5 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass by Capture-replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 6.8 |