
Integer overflow could lead to too large num_syms and rel_end during relocation process

Moderate
jbech-linaro published GHSA-23fc-35w7-c5v2 Jun 28, 2021

Package

OP-TEE

Affected versions

< 3.6.0

Patched versions

>= 3.6.0

Description

The sums shdr[sym_tab_idx].sh_addr + shdr[sym_tab_idx].sh_size and shdr[rel_sidx].sh_addr + shdr[rel_sidx].sh_size could overflow, resulting in a too-large num_syms or an invalid rel_end. Either could be used to access memory beyond the legitimate range. The outcome of such a flaw is unclear, but it could be used to snoop on or alter memory.

Patches

optee_os.git

  • core: ELF relocation: use ADD_OVERFLOW() (781c8f0)
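
An added illustration of the wraparound described above and of the overflow-checked addition the patch title refers to; it is not OP-TEE's code. The reduced struct, the function names, the ADD_WRAPS macro (a local stand-in built on the GCC/Clang __builtin_add_overflow), the 32-bit field widths and the sample values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for an overflow-checked add: true when a + b wraps. */
#define ADD_WRAPS(a, b, res) __builtin_add_overflow((a), (b), (res))

#define SYM_ENTRY_SIZE 16u /* sizeof(Elf32_Sym) */

/* Hypothetical reduced section header: only the two fields the advisory names. */
struct sec_hdr {
    uint32_t sh_addr;
    uint32_t sh_size;
};

/* Unchecked pattern: the end address wraps, so the bound test passes. */
bool range_ok_unchecked(const struct sec_hdr *s, uint32_t mapped_size)
{
    uint32_t end = s->sh_addr + s->sh_size; /* wraps modulo 2^32 */

    return end <= mapped_size;
}

/* Checked pattern: reject the header as soon as the sum wraps. */
bool range_ok_checked(const struct sec_hdr *s, uint32_t mapped_size,
                      uint32_t *end)
{
    if (ADD_WRAPS(s->sh_addr, s->sh_size, end))
        return false;
    return *end <= mapped_size;
}

/* Constructed sample headers, not taken from a real image. */
const struct sec_hdr good_hdr = { 0x1000, 0x200 };
const struct sec_hdr wrap_hdr = { 0x1000, 0xfffff100 }; /* sum wraps to 0x100 */

int main(void)
{
    uint32_t end = 0;

    printf("unchecked accepts wrap_hdr: %d (num_syms would be %u)\n",
           range_ok_unchecked(&wrap_hdr, 0x4000),
           (unsigned)(wrap_hdr.sh_size / SYM_ENTRY_SIZE));
    printf("checked accepts wrap_hdr:   %d\n",
           range_ok_checked(&wrap_hdr, 0x4000, &end));
    return 0;
}
```

With the constructed wrap_hdr, the unchecked test accepts a section whose size alone exceeds the mapped region, which is how a symbol count derived from sh_size ends up far larger than the memory that actually backs it.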

Workarounds

N/A

References

N/A

OP-TEE ID

OP-TEE-2019-0015

Reported by

Netflix (Bastien Simondi)

For more information

For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs