https://db.gcve.eu/sightings/feedMost recent sightings.2026-05-07T05:38:00.088145+00:00Vulnerability-Lookupinfo@gcve.eupython-feedgenContains only the most 10 recent sightings.https://db.gcve.eu/sighting/65a0432f-485a-414f-b17b-9f76ca606b67/export65a0432f-485a-414f-b17b-9f76ca606b672026-05-07T05:38:00.472690+00:00cedrichttp://db.gcve.eu/user/cedric{"uuid": "65a0432f-485a-414f-b17b-9f76ca606b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-Q84W-P2G5-RXW9", "type": "seen", "source": "https://t.me/arpsyndicate/624", "content": "#ExploitObserverAlert\n\nGHSA-q84w-p2g5-rxw9\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-Q84W-P2G5-RXW9. The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.\n\nGHSS: 8.2", "creation_timestamp": "2023-11-28T00:57:29.000000Z"}2023-11-28T00:57:29+00:00