Linaro: Security Vulnerabilities
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-06-19
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
CVSS Score
8.8
EPSS Score
0.025
Published
2018-06-19
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.
CVSS Score
4.9
EPSS Score
0.001
Published
2018-06-15
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-01-02
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.
CVSS Score
5.9
EPSS Score
0.003
Published
2018-01-02
Page 3