CVE-2019-1010296 - Vulnerability Details - OpenCVE

Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01072.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linaro/OP-TEE

OP-TEE

affected

Version	Status	Constraints
`3.3.0 and earlier [fixed: 3.4.0 and later]`	affected	—

Configuration 1 [-]

cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Trustedfirmware Subscribe	Op-tee Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2019-2032	Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592

History

Fri, 05 Jun 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trustedfirmware Trustedfirmware op-tee
CPEs	cpe:2.3:o:linaro:op-tee::::::::	cpe:2.3:o:trustedfirmware:op-tee::::::::
Vendors & Products	Linaro Linaro op-tee	Trustedfirmware Trustedfirmware op-tee

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-15T17:24:16.000Z

Updated: 2024-08-05T03:07:18.477Z

Reserved: 2019-03-20T00:00:00.000Z

Link: CVE-2019-1010296

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-15T18:15:11.507

Modified: 2026-06-05T20:13:25.387

Link: CVE-2019-1010296

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "OP-TEE", "vendor": "Linaro/OP-TEE", "versions": [{"status": "affected", "version": "3.3.0 and earlier [fixed: 3.4.0 and later]"}]}], "descriptions": [{"lang": "en", "value": "Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later."}], "problemTypes": [{"descriptions": [{"description": "Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-15T17:24:16.000Z", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010296", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OP-TEE", "version": {"version_data": [{"version_value": "3.3.0 and earlier [fixed: 3.4.0 and later]"}]}}]}, "vendor_name": "Linaro/OP-TEE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592", "refsource": "MISC", "url": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.477Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010296", "datePublished": "2019-07-15T17:24:16.000Z", "dateReserved": "2019-03-20T00:00:00.000Z", "dateUpdated": "2024-08-05T03:07:18.477Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:trustedfirmware:op-tee:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE2FE8EB-F10B-4559-AA55-B1D4528E8F07", "versionEndIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later."}, {"lang": "es", "value": "OP-TEE versi\u00f3n 3.3.0 y anteriores de Linaro/OP-TEE, est\u00e1 afectado por: Desbordamiento de b\u00fafer. El impacto es: Ejecuci\u00f3n del c\u00f3digo en el contexto del core (kernel) de TEE. El componente es: optee_os. La versi\u00f3n corregida es: 3.4.0 y posteriores."}], "id": "CVE-2019-1010296", "lastModified": "2026-06-05T20:13:25.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-15T18:15:11.507", "references": [{"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}