Introduction

The following advisories cover security issues discovered by, or with contributions from, the F-Secure Hardware Security Team, previously known as Inverse Path.

| CVEs | Description | Advisory |
|------|-------------|----------|
| CVE-2021-44149 | OP-TEE TrustZone bypass at wakeup on NXP i.MX6UL | Security_Advisory-Ref_FSC-HWSEC-VR2021-0002-OP-TEE_TrustZone_bypass_at_wakeup.txt |
| CVE-2021-36133 | OP-TEE TrustZone bypass on multiple NXP i.MX models | Security_Advisory-Ref_FSC-HWSEC-VR2021-0001-OP-TEE_TrustZone_bypass.txt |
| CVE-2020-12789 | ATSAMA5 hardcoded keys are used for protecting applets | Security_Advisory-Ref_FSC-HWSEC-VR2020-0003-ATSAMA5_code_authentication_issues.txt |
| CVE-2020-12788 | ATSAMA5 CMAC verification susceptible to side channel attacks | Security_Advisory-Ref_FSC-HWSEC-VR2020-0003-ATSAMA5_code_authentication_issues.txt |
| CVE-2020-12787 | ATSAMA5 improper applet verification | Security_Advisory-Ref_FSC-HWSEC-VR2020-0003-ATSAMA5_code_authentication_issues.txt |
| CVE-2020-11684 | AT91bootstrap code authentication bypass via key leak | Security_Advisory-Ref_FSC-HWSEC-VR2020-0002-AT91Bootstrap_code_authentication_issues.txt |
| CVE-2020-11683 | AT91bootstrap timing side channel in CMAC verification | Security_Advisory-Ref_FSC-HWSEC-VR2020-0002-AT91Bootstrap_code_authentication_issues.txt |
| CVE-2020-10648 | U-Boot verified boot bypass via improper signature verification | Security_Advisory-Ref_FSC-HWSEC-VR2020-0001-U-Boot_verified_boot_bypass.txt |
| CVE-2019-5478 | Xilinx ZU+ Encrypt Only Secure boot bypass via partition header | Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt |
| CVE-2019-5478 | Xilinx ZU+ Encrypt Only Secure boot bypass via boot header | Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt |
| CVE-2018-18440 | U-Boot verified boot bypass via network load | Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt |
| CVE-2018-18439 | U-Boot verified boot bypass via filesystem load | Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt |
| CVE-2017-7936 | NXP High Assurance Boot SDP protection bypass | Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt |
| CVE-2017-7932 | NXP High Assurance Boot X.509 parsing error | Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt |
| CVE-2016-8672 | Siemens SIMATIC missing cookie protection | SSA-603476 |
| CVE-2016-8673 | Siemens SIMATIC cross-site request forgery | SSA-603476 |
| CVE-2016-1734 | AppleUSBNetworking memory corruption | Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt |
| CVE-2008-3908 | WordNet stack and heap overflows | Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt |
| CVE-2008-1530 | GnuPG memory corruption | Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt |
| CVE-2006-1060 | zgv/xzgv heap overflow | Security_Advisory-Ref_GLSA200604-10-zgv_heap_overflow.txt |
| CVE-2003-0962 | rsync heap-based buffer overflow | Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt |

About

Inverse Path | F-Secure Hardware Security Team - Security Advisories
