CVE-2021-46795

MEDIUM Year: 2021
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service.

Related Vulnerabilities

CVE-2013-4235

MEDIUM
CVSS:4.7(Medium)

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

CWE-3672013

CVE-2015-7810

MEDIUM
CVSS:4.7(Medium)

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

CWE-3672015

CVE-2019-11482

MEDIUM
CVSS:4.7(Medium)

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

CWE-3672019

CVE-2020-8793

MEDIUM
CVSS:4.7(Medium)

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offli...

CWE-3672020

CVE-2020-8833

MEDIUM
CVSS:4.7(Medium)

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can...

CWE-3672020

CVE-2021-26350

MEDIUM
CVSS:4.7(Medium)

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.

CWE-3672021