Lucene search

[email protected]CVE-2022-40758

HistorySep 16, 2022 - 10:15 p.m.

CVE-2022-40758

2022-09-1622:15:12

CWE-119

[email protected]

web.nvd.nist.gov

cve-2022-40758

buffer access

incorrect length

samsung mtower

tee_cipherupdate

denial of service

dos

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.0%

JSON

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

Affected configurations

NVD

Node

samsungmtowerRange≤0.3.0

CPENameOperatorVersion
samsung:mtowersamsung mtowerle0.3.0

CPE	Name	Operator	Version
samsung:mtower	samsung mtower	le	0.3.0

References

github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1224

github.com/Samsung/mTower/issues/81

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for CVE-2022-40758

osv1 prion1 cvelist1 nvd1