CVE-2023-41325
- Source
- https://cve.org/CVERecord?id=CVE-2023-41325
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-41325.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-41325
- Aliases
-
- GHSA-jrw7-63cq-7vhm
- Published
- 2023-09-15T19:40:58.065Z
- Modified
- 2026-04-02T09:20:08.001800Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
- Summary
- OP-TEE double free in shdr_verify_signature
- Details
-
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22,
shdr_verify_signaturecan make a double free.shdr_verify_signatureused to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (sw_crypto_acipher_alloc_rsa_public_key) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variablee,n) and it allocation is not atomic way, so it may succeed inebut fail inn. In this case swcryptoacipherallocrsapublickeywill free oneand return as it is failed but variable ‘e’ is remained as already freed memory address .shdrverifysignaturewill free again that memory (which ise`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41325.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-415" ] }- References