Martijn Bogaard

**Name of the Vulnerable Software and Affected Versions** versions prior to 2026-0029 **Description** A logic error in the ` pkvm init vm` function within `pkvm.c` may lead to memory corruption. This could allow for local escalation of privilege without requiring additional execution privileges or user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** A memory overwrite issue exists in the `cpm fwtp msg handler` function within `cpm/google/lib/tracepoint/cpm fwtp ipc.c`. This improper input validation could lead to local escalation of privilege without requiring additional execution privileges or user interaction. The issue resides in Google CPM Tracepoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Dex for PC versions prior to SMR Aug-2022 Release 1 **Description** A heap-based buffer overflow issue allows arbitrary code execution by physical attackers. **Recommendations** For Samsung Dex for PC versions prior to SMR Aug-2022 Release 1, update to SMR Aug-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** StrongBox (affected versions not specified) **Description** The issue arises when the Trusted Execution Environment (TEE) is compromised, allowing attackers to exploit improper state maintenance in StrongBox. This enables them to change the Android Root of Trust (ROT) during the device boot cycle. The patch to prevent this issue is applied in the Galaxy S22, specifically to prevent changes to the Android ROT after its first initialization at boot time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPMB ldfw versions prior to SMR Feb-2022 Release 1 **Description** The issue is related to improper input validation in the SMC SRPMB WSM handler of RPMB ldfw, allowing arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RPMB ldfw versions prior to SMR Feb-2022 Release 1 **Description** The issue is related to an improper boundary check in RPMB ldfw, which allows for arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CPLC versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper access control, allowing local attackers to access CPLC information without permission. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LDFW versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper input validation, which allows attackers to perform arbitrary code execution. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LDFW and BL31 versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to an improper boundary check in the secure log of LDFW and BL31, which allows for arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HDCP versions prior to SMR Nov-2021 Release 1 **Description** The issue is related to improper input validation, which allows attackers to execute arbitrary code. **Recommendations** For versions prior to SMR Nov-2021 Release 1, update to SMR Nov-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HDCP LDFW versions prior to SMR Nov-2021 Release 1 **Description** A missing input validation in HDCP LDFW allows attackers to overwrite TZASC, which can lead to TEE compromise. **Recommendations** For versions prior to SMR Nov-2021 Release 1, update to SMR Nov-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Widevine trustlet versions prior to SMR Oct-2021 Release 1 Description: A possible guessing and confirming a byte memory vulnerability allows attackers to read arbitrary memory addresses. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: TEEGRIS secure OS versions prior to SMR Oct-2021 Release 1 Description: The issue is related to an improper caller check logic of SMC call in the TEEGRIS secure OS, which can be used to compromise the Trusted Execution Environment (TEE). Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Widevine trustlet versions prior to SMR Oct-2021 Release 1 Description: A possible stack-based buffer overflow issue allows arbitrary code execution. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linaro OP-TEE versions prior to 3.7.0 **Description** The issue allows an attacker to call update and final cryptographic functions directly by using inconsistent or malformed data, potentially causing a crash that could leak sensitive information. **Recommendations** For versions prior to 3.7.0, update to version 3.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the input data to prevent the use of inconsistent or malformed data that could trigger the crash.