Debian Patches
Status for optee-os/4.10.0-1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2026-33662.patch | core: crypto_api: fix underflow in emsa_pkcs1_v1_5_encode() Guard against an integer underflow in emsa_pkcs1_v1_5_encode() that can occur when calculating the padding field in the EMA-PKCS1-v1_5 encoding. |
Jens Wiklander <jens.wiklander@linaro.org> | yes | debian upstream | upstream, https://github.com/OP-TEE/optee_os/commit/caeaa2a | 2026-01-22 |
| CVE-2026-33317-A.patch | ta: pkcs11: check output buffer size on get attribute value Check client output buffer input size and update its output size on PKCS11_CMD_GET_ATTRIBUTE_VALUE command. |
Etienne Carriere <etienne.carriere@st.com> | yes | debian upstream | upstream, https://github.com/OP-TEE/optee_os/commit/e031c4e | 2026-01-21 |
| CVE-2026-33317-B.patch | ta: pkcs11: check template consistency on get attribute value Check client template holds consistent attribute area sizes value on PKCS11_CMD_GET_ATTRIBUTE_SIZE. |
Etienne Carriere <etienne.carriere@st.com> | yes | debian upstream | upstream, https://github.com/OP-TEE/optee_os/commit/16926d5 | 2026-01-21 |
| CVE-2026-33317-C.patch | ta: pkcs11: fix attribute output size if too small on get attribute value Correct the size field output value for attributes fetched with PKCS11_CMD_GET_ATTRIBUTE_VALUE where a too short buffer was provided. As per the PKCS#11 specification, in such case, the related attributes size field should be filled with CK_UNAVAILABLE_INFORMATION and the function to return an non-true-error code like CKR_BUFFER_TOO_SMALL. The implementation complied for the return value but was loading the required attribute data value size instead in CK_UNAVAILABLE_INFORMATION in the attribute size field. |
Etienne Carriere <etienne.carriere@st.com> | yes | debian upstream | upstream, https://github.com/OP-TEE/optee_os/commit/149e8d7 | 2026-01-21 |