Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-46733

Опубликовано: 04 июл. 2025
Источник: ubuntu
Приоритет: medium
CVSS3: 7.9

Описание

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, specifically those which make up the Secure Storage API, will panic if a system call returns an unexpected return code. This behavior is mandated by the TEE Internal Core API specification. However, in OP-TEE’s implementation, return codes of secure storage operations are passed through unsanitized from the REE tee-supplicant, through the Linux kernel tee-driver, through the OP-TEE kernel, back to libutee. Thus, an attacker with access to REE userspace, and the ability to stop tee-supplicant and replace it with their own process (generally trivial for a root user, and depending on the way permissions are set up, potentially ...

РелизСтатусПримечание
devel

not-affected

4.5.0-2
jammy

DNE

noble

DNE

plucky

ignored

end of life, was needs-triage
questing

not-affected

4.5.0-2
upstream

released

4.5.0-2

Показывать по

Ссылки на источники

7.9 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-46733

CVSS3: 7.9
nvd
7 месяцев назад

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that uses the libutee Secure Storage API. Many functions in libutee, specifically those which make up the Secure Storage API, will panic if a system call returns an unexpected return code. This behavior is mandated by the TEE Internal Core API specification. However, in OP-TEE’s implementation, return codes of secure storage operations are passed through unsanitized from the REE tee-supplicant, through the Linux kernel tee-driver, through the OP-TEE kernel, back to libutee. Thus, an attacker with access to REE userspace, and the ability to stop tee-supplicant and replace it with their own process (generally trivial for a root user, and depending on the way permissions are set up, potentially ava

debian логотип

CVE-2025-46733

CVSS3: 7.9
debian
7 месяцев назад

OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...

7.9 High

CVSS3