Linaro Linaro

  1. Vendors
  2. Linaro

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Linaro product.

RSS Feeds for Linaro security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Linaro products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Linaro Sorted by Most Security Vulnerabilities since 2018

Linaro Op Tee12 vulnerabilities

Linaro Lava6 vulnerabilities

Linaro Trusted Firmware M1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Linaro. Linaro did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 1 6.70
2022 4 7.88
2021 2 7.50
2020 1 6.80
2019 7 9.47
2018 4 6.68

It may take a day or so for new Linaro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linaro Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2023-41325 Sep 15, 2023
OP-TEE shdr_verify_signature Double-Free Vulnerability (CVE-2023-41325) OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optees heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable e is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.
Op Tee
CVE-2022-47549 Dec 19, 2022
OP-TEE OS <3.20 memoryaccess flaw enables physical fault injection An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections.
Op Tee
CVE-2022-45132 Nov 18, 2022
LAVA < 2022.11.1 RCE via user-submitted Jinja2 template in lava-server REST API In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
Lava
CVE-2022-44641 Nov 18, 2022
LAVA < 2022.11 XMLRPC Recursive XML Entity Expansion DoS In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Lava
CVE-2022-42902 Oct 13, 2022
Dynamic Code Exec in LAVA < 2022.10 lava_server CVE-2022-42902 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
Lava
CVE-2019-25052 Aug 11, 2021
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Op Tee
CVE-2021-32032 May 21, 2021
In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
Trusted Firmware M
CVE-2020-13799 Nov 18, 2020
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.
Op Tee
CVE-2019-1010292 Jul 16, 2019
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
Op Tee
CVE-2019-1010298 Jul 15, 2019
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Op Tee
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.