Lucene search

[email protected]CVE-2022-40757

HistorySep 16, 2022 - 10:15 p.m.

CVE-2022-40757

2022-09-1622:15:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2022-40757

buffer access

incorrect length value

tee_maccomputefinal

samsung mtower

denial of service

dos

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.0%

JSON

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

Affected configurations

NVD

Node

samsungmtowerRange≤0.3.0

CPENameOperatorVersion
samsung:mtowersamsung mtowerle0.3.0

CPE	Name	Operator	Version
samsung:mtower	samsung mtower	le	0.3.0

References

github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1031

github.com/Samsung/mTower/issues/81

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for CVE-2022-40757

cvelist1 osv1 prion1 nvd1