Lucene search
+L
SamsungMtower

13 matches found

cve
cve
added 2022/09/01 8:4 p.m.79 views

CVE-2022-36622

CVE-2022-36622 affects Samsung Electronics mTower, v0.3.0 and earlier. A NULL pointer dereference occurs in TEE_GetObjectInfo1, enabling a high-severity impact (CVSS 7.5, NETWORK/LOW/NOAUTH/NO-UI) focused on availability risk. Public exploit details are not provided in the supplied documents. Con...

7.5CVSS7.5AI score0.01127EPSS
cve
cve
added 2022/08/11 12:52 a.m.72 views

CVE-2022-38155

Summary (facts from provided docs): Samsung mTower

7.5CVSS7.3AI score0.00879EPSS
cve
cve
added 2022/09/16 9:36 p.m.70 views

CVE-2022-40760

CVE-2022-40760 affects Samsung mTower up to version 0.3.0, where a vulnerability in the TEE_MACUpdate function allows a trusted application to trigger a Denial of Service by passing an oversized chunkSize to TEE_MACUpdate. The root cause is a buffer access with an incorrect length value. Impact i...

7.5CVSS7.4AI score0.01101EPSS
cve
cve
added 2022/09/01 8:4 p.m.69 views

CVE-2022-36621

CVE-2022-36621 affects Samsung Electronics mTower v0.3.0 and earlier, due to a NULL pointer dereference in TEE_AllocateTransientObject. The CVE entry notes a high impact on availability (CVSS 3.1 base 7.5, network attack vector, no privileges required, no user interaction). Connected documents co...

7.5CVSS7.5AI score0.01093EPSS
cve
cve
added 2022/09/05 3:43 a.m.69 views

CVE-2022-39829

Samsung mTower 0.3.0 and earlier has a NULL pointer dereference in aes256_encrypt caused by a missing check of EVP_CIPHER_CTX_new. CVE-2022-39829 affects the module in the Trusted Execution Environment and is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Connected sources confirm th...

7.5CVSS7.4AI score0.01068EPSS
cve
cve
added 2022/09/05 3:43 a.m.68 views

CVE-2022-39828

CVE-2022-39828 affects Samsung mTower 0.3.0 and earlier. The root cause is a missing check on the return value of EC_KEY_set_private_key in the sign_pFwInfo function, which can lead to a denial-of-service. Impact is an availability disruption; exploitation details are not provided in the document...

7.5CVSS7.4AI score0.01068EPSS
cve
cve
added 2022/08/04 7:42 p.m.66 views

CVE-2022-35858

The Samsung mTower vulnerability CVE-2022-35858 affects version 0.3.0, where the functions TEE_PopulateTransientObject and __utee_from_attr can be triggered to overwrite memory, cause a denial of service, and disclose information when attrCount is large. The issue is documented across multiple so...

7.8CVSS7.3AI score0.00386EPSS
cve
cve
added 2022/09/16 9:35 p.m.61 views

CVE-2022-40762

Samsung mTower prior to version 0.3.0 is vulnerable to a Denial of Service due to a memory allocation issue in the TEE_Realloc function when an excessively large len is supplied. Root cause: over-valued memory allocation in TEE_Realloc. Affected component: Samsung mTower’s TEE_Realloc handling. I...

7.5CVSS7.4AI score0.00839EPSS
cve
cve
added 2022/09/16 9:36 p.m.59 views

CVE-2022-40759

CVE-2022-40759 affects Samsung mTower up to version 0.3.0. A NULL pointer dereference in TEE_MACCompareFinal when the operation parameter is NULL can cause a Denial of Service in trusted applications. The main description provides no exploit details. A PT-Security advisory (PT-2022-25519) notes a...

7.5CVSS7.4AI score0.00839EPSS
cve
cve
added 2022/09/05 3:43 a.m.58 views

CVE-2022-39830

Samsung mTower

7.5CVSS7.4AI score0.01068EPSS
cve
cve
added 2022/09/16 9:36 p.m.56 views

CVE-2022-40757

CVE-2022-40757 affects Samsung mTower prior to 0.3.0, where a buffer access in TEE_MACComputeFinal with an incorrect length (messageLen) can be triggered by a trusted application, causing a Denial of Service. The issue originates in the TEE_MACComputeFinal function and is documented across multip...

7.5CVSS7.4AI score0.00839EPSS
cve
cve
added 2022/09/16 9:35 p.m.56 views

CVE-2022-40761

Samsung mTower

7.5CVSS7.4AI score0.012EPSS
cve
cve
added 2022/09/16 9:36 p.m.55 views

CVE-2022-40758

CVE-2022-40758 affects Samsung mTower up to version 0.3.0, where a Buffer Access with Incorrect Length Value in the TEE_CipherUpdate function can be triggered by a trusted application using an excessive srcLen, causing a Denial of Service. The issue is rooted in incorrect length handling in TEE_C...

7.5CVSS7.4AI score0.00856EPSS