LAYER: meta-xilinx-core
PACKAGE NAME: optee-os
PACKAGE VERSION: 4.9.0-xlnx-v2026.1
CVE: CVE-2017-1000412
CVE STATUS: Patched
CVE SUMMARY: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 7.5
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000412

LAYER: meta-xilinx-core
PACKAGE NAME: optee-os
PACKAGE VERSION: 4.9.0-xlnx-v2026.1
CVE: CVE-2017-1000413
CVE STATUS: Patched
CVE SUMMARY: Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.
CVSS v2 BASE SCORE: 4.3
CVSS v3 BASE SCORE: 5.9
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:N/C:P/I:N/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2017-1000413