Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: trustedfirmware Clear
ID Title
CVE-2026-53763 Vulnerability in trustedfirmware (CVE-2026-53763)
vulnerability in trustedfirmware (CVE-2026-53763). Risk of unauthorized operations or information disclosure.
CVE-2026-44362 Vulnerability in c (CVE-2026-44362)
vulnerability in c (CVE-2026-44362). Data can be tampered with by attackers. Exploitable via ``subkey_version``.
CVE-2026-42546 Vulnerability in c (CVE-2026-42546)
vulnerability in c (CVE-2026-42546). Risk of unauthorized operations or information disclosure. Exploitable via ``OPTEE_MSG_ATTR_TYPE_MASK``.
CVE-2026-41516 Vulnerability in trustedfirmware (CVE-2026-41516)
vulnerability in trustedfirmware (CVE-2026-41516). Risk of unauthorized operations or information disclosure.
CVE-2026-41515 Vulnerability in trustedfirmware (CVE-2026-41515)
vulnerability in trustedfirmware (CVE-2026-41515). Risk of unauthorized operations or information disclosure.
CVE-2026-41514 Vulnerability in trustedfirmware (CVE-2026-41514)
vulnerability in trustedfirmware (CVE-2026-41514). Risk of unauthorized operations or information disclosure.
CVE-2026-41434 Vulnerability in trustedfirmware (CVE-2026-41434)
vulnerability in trustedfirmware (CVE-2026-41434). Risk of unauthorized operations or information disclosure.
CVE-2026-40257 Out-of-Bounds Write in trustedfirmware (CVE-2026-40257)
out-of-bounds write in trustedfirmware (CVE-2026-40257). Risk of unauthorized operations or information disclosure.
CVE-2026-45614 Vulnerability in linaro (CVE-2026-45614)
vulnerability in linaro (CVE-2026-45614). Confidential information can be exposed externally.
CVE-2026-45702 Vulnerability in linaro (CVE-2026-45702)
vulnerability in linaro (CVE-2026-45702). Risk of unauthorized operations or information disclosure.
CVE-2026-40290 Use-After-Free in linaro (CVE-2026-40290)
vulnerability in linaro (CVE-2026-40290). Successful exploitation can lead to full system takeover. Exploitable via ``sp_mem_lock``.
CVE-2026-33662 Vulnerability in c (CVE-2026-33662)
vulnerability in c (CVE-2026-33662). Risk of unauthorized operations or information disclosure.
CVE-2026-33317 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
CVE-2026-34877 Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
CVE-2026-34876 Out-of-Bounds Read in c (CVE-2026-34876)
vulnerability in c (CVE-2026-34876). Confidential information can be exposed externally.
CVE-2026-34873 Authentication Bypass in trustedfirmware (CVE-2026-34873)
authentication bypass in trustedfirmware (CVE-2026-34873). Confidential information can be exposed externally.
CVE-2026-34874 Vulnerability in trustedfirmware (CVE-2026-34874)
vulnerability in trustedfirmware (CVE-2026-34874). Risk of unauthorized operations or information disclosure.
CVE-2026-34871 Vulnerability in arm (CVE-2026-34871)
vulnerability in arm (CVE-2026-34871). Confidential information can be exposed externally.
CVE-2026-25835 Vulnerability in arm (CVE-2026-25835)
vulnerability in arm (CVE-2026-25835). Confidential information can be exposed externally.
CVE-2026-25833 Vulnerability in trustedfirmware (CVE-2026-25833)
vulnerability in trustedfirmware (CVE-2026-25833). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.6` or later.
CVE-2026-34875 Vulnerability in trustedfirmware (CVE-2026-34875)
vulnerability in trustedfirmware (CVE-2026-34875). Successful exploitation can lead to full system takeover.
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
CVE-2025-49087 Vulnerability in trustedfirmware (CVE-2025-49087)
vulnerability in trustedfirmware (CVE-2025-49087). Risk of unauthorized operations or information disclosure.
CVE-2025-49601 Out-of-Bounds Read in trustedfirmware (CVE-2025-49601)
vulnerability in trustedfirmware (CVE-2025-49601). Risk of unauthorized operations or information disclosure.
CVE-2025-49600 Vulnerability in trustedfirmware (CVE-2025-49600)
vulnerability in trustedfirmware (CVE-2025-49600). Data can be tampered with by attackers.
CVE-2025-27810 Vulnerability in arm (CVE-2025-27810)
vulnerability in arm (CVE-2025-27810). Risk of unauthorized operations or information disclosure.
CVE-2025-27809 Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
CVE-2024-49195 Out-of-Bounds Write in trustedfirmware (CVE-2024-49195)
out-of-bounds write in trustedfirmware (CVE-2024-49195). Successful exploitation can lead to full system takeover.
CVE-2024-45159 Vulnerability in trustedfirmware (CVE-2024-45159)
vulnerability in trustedfirmware (CVE-2024-45159). Successful exploitation can lead to full system takeover.
CVE-2024-45158 Vulnerability in trustedfirmware (CVE-2024-45158)
vulnerability in trustedfirmware (CVE-2024-45158). Successful exploitation can lead to full system takeover.
CVE-2024-45157 Vulnerability in trustedfirmware (CVE-2024-45157)
vulnerability in trustedfirmware (CVE-2024-45157). Confidential information can be exposed externally.
CVE-2023-51712 Vulnerability in trustedfirmware (CVE-2023-51712)
vulnerability in trustedfirmware (CVE-2023-51712). Confidential information can be exposed externally.
CVE-2023-31339 Vulnerability in dos (CVE-2023-31339)
vulnerability in dos (CVE-2023-31339). Risk of unauthorized operations or information disclosure.
CVE-2024-30166 Vulnerability in dos (CVE-2024-30166)
vulnerability in dos (CVE-2024-30166). Confidential information can be exposed externally.
CVE-2024-28836 Vulnerability in dos (CVE-2024-28836)
vulnerability in dos (CVE-2024-28836). Risk of unauthorized operations or information disclosure.
CVE-2024-28755 Vulnerability in dos (CVE-2024-28755)
vulnerability in dos (CVE-2024-28755). Risk of unauthorized operations or information disclosure.
CVE-2024-28960 An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
CVE-2024-23775 Vulnerability in dos (CVE-2024-23775)
vulnerability in dos (CVE-2024-23775). Risk of unauthorized operations or information disclosure.
CVE-2024-23170 Vulnerability in arm (CVE-2024-23170)
vulnerability in arm (CVE-2024-23170). Confidential information can be exposed externally.
CVE-2024-23744 Vulnerability in trustedfirmware (CVE-2024-23744)
vulnerability in trustedfirmware (CVE-2024-23744). Risk of unauthorized operations or information disclosure.
CVE-2023-45199 Vulnerability in trustedfirmware (CVE-2023-45199)
vulnerability in trustedfirmware (CVE-2023-45199). Successful exploitation can lead to full system takeover.
CVE-2023-43615 Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
CVE-2023-41325 Vulnerability in trustedfirmware (CVE-2023-41325)
vulnerability in trustedfirmware (CVE-2023-41325). Confidential information can be exposed externally. Exploitable via ``shdr_verify_signature``.
CVE-2023-40271 Vulnerability in trustedfirmware (CVE-2023-40271)
vulnerability in trustedfirmware (CVE-2023-40271). Data can be tampered with by attackers.
CVE-2021-36647 Vulnerability in c (CVE-2021-36647)
vulnerability in c (CVE-2021-36647). Confidential information can be exposed externally.
CVE-2022-47630 Out-of-Bounds Read in trustedfirmware (CVE-2022-47630)
vulnerability in trustedfirmware (CVE-2022-47630). Confidential information can be exposed externally.
CVE-2022-47549 Vulnerability in trustedfirmware (CVE-2022-47549)
vulnerability in trustedfirmware (CVE-2022-47549). Successful exploitation can lead to full system takeover.
CVE-2022-46393 Out-of-Bounds Read in arm (CVE-2022-46393)
vulnerability in arm (CVE-2022-46393). Successful exploitation can lead to full system takeover.
CVE-2022-46392 Vulnerability in arm (CVE-2022-46392)
vulnerability in arm (CVE-2022-46392). Confidential information can be exposed externally.
CVE-2022-46152 OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The funct...
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →