CVE-2017-1000413

NONE EPSS 72.2%
Published Jan 2, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 2, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.

Threat Intelligence

EPSS Exploit Probability
72.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
linaroop-tee* ≤2.4.0

References 3

  • github.com https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md
    Third Party Advisory
  • github.com https://github.com/OP-TEE/optee_os/pull/1610
    Third Party Advisory
  • op-tee.org https://www.op-tee.org/security-advisories/
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.