Linaro
Products by Linaro Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2024 there have been 0 vulnerabilities in Linaro . Last year Linaro had 1 security vulnerability published. Right now, Linaro is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.70 |
| 2022 | 4 | 7.88 |
| 2021 | 2 | 8.30 |
| 2020 | 1 | 6.80 |
| 2019 | 7 | 9.47 |
| 2018 | 4 | 6.68 |
It may take a day or so for new Linaro vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Linaro Security Vulnerabilities
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology
CVE-2023-41325
6.7 - Medium
- September 15, 2023
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optees heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable e is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.
Double-free
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20
CVE-2022-47549
6.4 - Medium
- December 19, 2022
An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Improper Verification of Cryptographic Signature
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution
CVE-2022-45132
9.8 - Critical
- November 18, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
Code Injection
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests
CVE-2022-44641
6.5 - Medium
- November 18, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
XEE
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py
CVE-2022-42902
8.8 - High
- October 13, 2022
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash
CVE-2019-25052
9.1 - Critical
- August 11, 2021
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Use of a Broken or Risky Cryptographic Algorithm
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library
CVE-2021-32032
7.5 - High
- May 21, 2021
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
Memory Leak
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces
CVE-2020-13799
6.8 - Medium
- November 18, 2020
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
Authentication Bypass by Capture-replay
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks
CVE-2019-1010292
9.8 - Critical
- July 16, 2019
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow
CVE-2019-1010298
9.8 - Critical
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow
CVE-2019-1010297
9.8 - Critical
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow
CVE-2019-1010296
9.8 - Critical
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow
CVE-2019-1010295
9.8 - Critical
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
Buffer Overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error
CVE-2019-1010294
7.5 - High
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
Numeric Errors
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing
CVE-2019-1010293
9.8 - Critical
- July 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
Memory Corruption
An issue was discovered in Linaro LAVA before 2018.5.post1
CVE-2018-12563
6.5 - Medium
- June 19, 2018
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.
Improper Input Validation
An issue was discovered in Linaro LAVA before 2018.5.post1
CVE-2018-12565
8.8 - High
- June 19, 2018
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Improper Input Validation
An issue was discovered in Linaro LAVA before 2018.5.post1
CVE-2018-12564
6.5 - Medium
- June 19, 2018
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
Improper Input Validation
LibTomCrypt through 1.18.1
CVE-2018-12437
4.9 - Medium
- June 15, 2018
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
Information Disclosure