Lucene search

NCSC-NLCVELIST:CVE-2022-25333

HistoryOct 19, 2023 - 9:35 a.m.

CVE-2022-25333 Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138

2023-10-1909:35:03

CWE-347

NCSC-NL

www.cve.org

texas instruments omap l138

sk_load module

rsa check

authenticity validation

cek

cve-2022-25333

arbitrary code execution

secure context

tee security architecture

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "vendor": "Texas Instruments",
    "product": "OMAP",
    "versions": [
      {
        "version": "L138",
        "status": "affected"
      }
    ]
  }
]

References

tetraburst.com/

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2022-25333