You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RPC alloc could allocate smaller shared memory than requested
Moderate
ruchi393
published
GHSA-5fhv-xcxv-8v5xJan 11, 2022
Package
OP-TEE
(OP-TEE)
Affected versions
> 3.7.0 and < 3.6.0
Patched versions
>= 3.16.0
Description
The code related to the vulnerability in [1] was refactored a short while after the publication. The vulnerable function get_rpc_alloc_res() was removed from thread.c [2] and placed in thread_optee_smc.c [3].
The actual security fix is not part of the refactored code in thread_optee_smc.c, meaning that the size checks are missing. More details of this vulnerability are available at [1]
For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.
The code related to the vulnerability in [1] was refactored a short while after the publication. The vulnerable function get_rpc_alloc_res() was removed from thread.c [2] and placed in thread_optee_smc.c [3].
The actual security fix is not part of the refactored code in thread_optee_smc.c, meaning that the size checks are missing. More details of this vulnerability are available at [1]
[1] GHSA-7r9f-8989-4gp6
[2] 2786f14#diff-efcb9f0f28409fcbecd4267f6440c7d27214ec480bc2fc76d39ea8d6592ee890
[3] 2786f14#diff-06d73c1b655d79e5c83d79bf1d7c288fd32f5a4ac7ab7211771594bdfb1a877e
Patches
optee_os.git
core: verify size of allocated shared memory 4ed4502
Workarounds
N/A
References
N/A
OP-TEE ID
N/A
Reported by
Axis (Patrik Lantz)
For more information
For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.