13 matches found
CVE-2022-36622
CVE-2022-36622 affects Samsung Electronics mTower, v0.3.0 and earlier. A NULL pointer dereference occurs in TEE_GetObjectInfo1, enabling a high-severity impact (CVSS 7.5, NETWORK/LOW/NOAUTH/NO-UI) focused on availability risk. Public exploit details are not provided in the supplied documents. Con...
CVE-2022-38155
Summary (facts from provided docs): Samsung mTower
CVE-2022-40760
CVE-2022-40760 affects Samsung mTower up to version 0.3.0, where a vulnerability in the TEE_MACUpdate function allows a trusted application to trigger a Denial of Service by passing an oversized chunkSize to TEE_MACUpdate. The root cause is a buffer access with an incorrect length value. Impact i...
CVE-2022-36621
CVE-2022-36621 affects Samsung Electronics mTower v0.3.0 and earlier, due to a NULL pointer dereference in TEE_AllocateTransientObject. The CVE entry notes a high impact on availability (CVSS 3.1 base 7.5, network attack vector, no privileges required, no user interaction). Connected documents co...
CVE-2022-39829
Samsung mTower 0.3.0 and earlier has a NULL pointer dereference in aes256_encrypt caused by a missing check of EVP_CIPHER_CTX_new. CVE-2022-39829 affects the module in the Trusted Execution Environment and is rated HIGH (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Connected sources confirm th...
CVE-2022-39828
CVE-2022-39828 affects Samsung mTower 0.3.0 and earlier. The root cause is a missing check on the return value of EC_KEY_set_private_key in the sign_pFwInfo function, which can lead to a denial-of-service. Impact is an availability disruption; exploitation details are not provided in the document...
CVE-2022-35858
The Samsung mTower vulnerability CVE-2022-35858 affects version 0.3.0, where the functions TEE_PopulateTransientObject and __utee_from_attr can be triggered to overwrite memory, cause a denial of service, and disclose information when attrCount is large. The issue is documented across multiple so...
CVE-2022-40762
Samsung mTower prior to version 0.3.0 is vulnerable to a Denial of Service due to a memory allocation issue in the TEE_Realloc function when an excessively large len is supplied. Root cause: over-valued memory allocation in TEE_Realloc. Affected component: Samsung mTower’s TEE_Realloc handling. I...
CVE-2022-40759
CVE-2022-40759 affects Samsung mTower up to version 0.3.0. A NULL pointer dereference in TEE_MACCompareFinal when the operation parameter is NULL can cause a Denial of Service in trusted applications. The main description provides no exploit details. A PT-Security advisory (PT-2022-25519) notes a...
CVE-2022-39830
Samsung mTower
CVE-2022-40757
CVE-2022-40757 affects Samsung mTower prior to 0.3.0, where a buffer access in TEE_MACComputeFinal with an incorrect length (messageLen) can be triggered by a trusted application, causing a Denial of Service. The issue originates in the TEE_MACComputeFinal function and is documented across multip...
CVE-2022-40761
Samsung mTower
CVE-2022-40758
CVE-2022-40758 affects Samsung mTower up to version 0.3.0, where a Buffer Access with Incorrect Length Value in the TEE_CipherUpdate function can be triggered by a trusted application using an excessive srcLen, causing a Denial of Service. The issue is rooted in incorrect length handling in TEE_C...