CVE-2022-25334

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...

Stack overflow

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...

Code injection

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE performs an RSA check implemented in mask ROM when loading a module through the SKLOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...

Design/Logic Flaw

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

CVE-2022-25332 SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138

The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...

CVE-2022-25334 Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE lacks a bounds check on the signature size field in the SKLOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data...

CVE-2022-25333 Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138

The Texas Instruments OMAP L138 secure variants trusted execution environment TEE performs an RSA check implemented in mask ROM when loading a module through the SKLOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and appe...