{ "CVE_data_meta" : { "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "DATE_ASSIGNED" : "2017-12-29", "ID" : "CVE-2017-1000412", "REQUESTER" : "joakim.bech@linaro.org", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "OP-TEE", "version" : { "version_data" : [ { "version_value" : "2.4.0 and older" } ] } } ] }, "vendor_name" : "Linaro Ltd" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "Fault injection vulnerability (side channel / glitching attack)" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "refsource" : "CONFIRM", "url" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md" }, { "name" : "https://github.com/OP-TEE/optee_os/pull/1610", "refsource" : "CONFIRM", "url" : "https://github.com/OP-TEE/optee_os/pull/1610" }, { "name" : "https://www.op-tee.org/security-advisories/", "refsource" : "CONFIRM", "url" : "https://www.op-tee.org/security-advisories/" } ] } }