Mtower Security Vulnerabilities and Issues — Mtower CVE List

Lucene search

SamsungMtower

13 matches found

CVE•added 2022/09/01 9:15 p.m.•66 views

CVE-2022-36622

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

7.5CVSS7.5AI score0.00119EPSS

CVE•added 2022/08/11 1:15 a.m.•58 views

CVE-2022-38155

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

7.5CVSS7.3AI score0.00102EPSS

CVE•added 2022/09/01 9:15 p.m.•55 views

CVE-2022-36621

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

7.5CVSS7.5AI score0.00122EPSS

CVE•added 2022/09/05 4:15 a.m.•54 views

CVE-2022-39829

There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

7.5CVSS7.4AI score0.00124EPSS

CVE•added 2022/09/16 10:15 p.m.•53 views

CVE-2022-40760

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

7.5CVSS7.4AI score0.00118EPSS

CVE•added 2022/08/04 8:15 p.m.•52 views

CVE-2022-35858

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.

7.8CVSS7.3AI score0.00039EPSS

CVE•added 2022/09/05 4:15 a.m.•50 views

CVE-2022-39828

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

7.5CVSS7.4AI score0.00124EPSS

CVE•added 2022/09/16 10:15 p.m.•45 views

CVE-2022-40762

A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.

7.5CVSS7.4AI score0.0011EPSS

CVE•added 2022/09/05 4:15 a.m.•44 views

CVE-2022-39830

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

7.5CVSS7.4AI score0.00124EPSS

CVE•added 2022/09/16 10:15 p.m.•43 views

CVE-2022-40759

A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

7.5CVSS7.4AI score0.0011EPSS

CVE•added 2022/09/16 10:15 p.m.•42 views

CVE-2022-40761

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

7.5CVSS7.4AI score0.00565EPSS

CVE•added 2022/09/16 10:15 p.m.•39 views

CVE-2022-40758

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

7.5CVSS7.4AI score0.00109EPSS

CVE•added 2022/09/16 10:15 p.m.•38 views

CVE-2022-40757

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

7.5CVSS7.4AI score0.00109EPSS