Lucene search

[email protected]CVE-2022-27813

HistoryOct 19, 2023 - 10:15 a.m.

CVE-2022-27813

2023-10-1910:15:10

CWE-1260

[email protected]

web.nvd.nist.gov

motorola

mtm5000

firmware

memory protection

arm

dsp

vulnerability

nvd

cve-2022-27813

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.

Affected configurations

NVD

Node

motorolamtm5500_firmwareMatch-

AND

motorolamtm5500Match-

Node

motorolamtm5400_firmwareMatch-

AND

motorolamtm5400Match-

CPENameOperatorVersion
motorola:mtm5500_firmwaremotorola mtm5500 firmwareeq-

CPE	Name	Operator	Version
motorola:mtm5500_firmware	motorola mtm5500 firmware	eq	-

CNA Affected

[
  {
    "vendor": "Motorola",
    "product": "Mobile Radio",
    "versions": [
      {
        "version": "MTM5000",
        "status": "affected"
      }
    ]
  }
]

References

tetraburst.com/

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-27813

cvelist1 prion1 nvd1