Samsung Mtower vulnerabilities

CVE-2022-40760 [HIGH] CWE-119 CVE-2022-40760: A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mT A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

CVE-2022-40758 [HIGH] CWE-119 CVE-2022-40758: A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

CVE-2022-40757 [HIGH] CWE-119 CVE-2022-40757: A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Sams A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

CVE-2022-40759 [HIGH] CWE-476 CVE-2022-40759: A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

CVE-2022-40762 [HIGH] CWE-770 CVE-2022-40762: A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mT A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.

CVE-2022-40761 [HIGH] CWE-1284 CVE-2022-40761: The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

CVE-2022-39830 [HIGH] CVE-2022-39830: sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_p sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

CVE-2022-39829 [HIGH] CWE-476 CVE-2022-39829: There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missi There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

CVE-2022-39828 [HIGH] CVE-2022-39828: sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_p sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

CVE-2022-36621 [HIGH] CWE-476 CVE-2022-36621: Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference v Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

CVE-2022-36622 [HIGH] CWE-476 CVE-2022-36622: Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference v Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

CVE-2022-38155 [HIGH] CWE-770 CVE-2022-38155: TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

CVE-2022-35858 [HIGH] CWE-401 CVE-2022-35858: The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trust The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.