CVE-2022-38155

Опубликовано: 11 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

Ссылки

https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api.c#L314
Exploit
Third Party Advisory
https://github.com/Samsung/mTower/issues/74
Exploit
Issue Tracking
Third Party Advisory
https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api.c#L314
Exploit
Third Party Advisory
https://github.com/Samsung/mTower/issues/74
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samsung:mtower:*:*:*:*:*:*:*:*

Версия до 0.3.0 (включая)

EPSS

Процентиль: 56%

0.00335

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-q48p-hrg2-rjmf