PRIOn knowledge base: PRION:CVE-2022-25334
Oct 19, 2023 - 10:15 a.m.

Stack overflow

PRIOn knowledge base
www.prio-n.com
texas instruments omap
tee
bounds check vulnerability
sk_load module
stack overflow
secure kernel data
arbitrary code execution
sha256 function pointer
cek
cve-2022-25332
tee security architecture.

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
