Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linaro vulnerabilities and exploits
(subscribe to this query)
3.6
CVSSv2
CVE-2021-36133
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
Linaro Op-tee -
4.3
CVSSv2
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.
Linaro Op-tee
5
CVSSv2
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.
Linaro Op-tee
7.5
CVSSv2
CVE-2019-1010292
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
Linaro Op-tee
10
CVSSv2
CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and previous versions is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Linaro Op-tee
4.6
CVSSv2
CVE-2021-44149
An issue exists in Trusted Firmware OP-TEE Trusted OS up to and including 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary ...
Linaro Op-tee
5
CVSSv2
CVE-2021-32032
In Trusted Firmware-M up to and including 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
Linaro Trusted Firmware-m
1.9
CVSSv2
CVE-2018-12437
LibTomCrypt up to and including 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same p...
Libtom Libtomcrypt
Linaro Op-tee
6.5
CVSSv2
CVE-2018-12565
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Linaro Lava
Debian Debian Linux 9.0
4
CVSSv2
CVE-2018-12564
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
Linaro Lava
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »