Security: libtomcrypt/OP-TEE Bleichenbacher Attack
Issue description

VULNERABILITY DETAILS
CERT has contacted Google about a vulnerability in libtomcrypt/OP-TEE. This is a Bleichenbacher signature forgery vulnerability in the rsa_verify_hash_ex function in libtomcrypt, which is embedded in OP-TEE. My search of the internal ChromeOS code tree has found some OP-TEE-related code, but it's not clear to me whether CrOS is vulnerable or not. See internal Google bug #31065292 for more information.

VERSION
Chrome Version: ????
Operating System: ChromeOS only
Aug 24 2016

Aug 25 2016
Ricky, can you please take a look.
Aug 25 2016
Hi, can you please describe where in Chrome OS you saw references to OP-TEE? I did not think we used trustzone anywhere on Chrome OS.
Aug 25 2016
Code Search uncovered some traces of it in http://cs/chromeos_internal/src/partner_private/rockchip-kernel/security/optee_linuxdriver/README.md?l=1, but that's not a terribly strong indication that it's actually used.
Aug 25 2016

Sep 2 2016
rickyz@ -- any update on this? thanks.
Sep 19 2016
I looked around, and do not believe Chrome OS uses trustzone anywhere, so we should not be affected.
Dec 27 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by awhalley@chromium.org, Aug 24 2016