CVE-2017-18651
Description
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is an Integer Overflow in process_M_SetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 (October 2017).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in Samsung mobile TZ manager’s process_M_SetTokenTUIPasswd causes memory corruption on devices with M(6.x) and N(7.x).
Vulnerability
An integer overflow vulnerability exists in the process_M_SetTokenTUIPasswd function of the Samsung mobile trusted application (TZ) manager. This flaw affects Samsung mobile devices running Android M (6.x) and N (7.x) software. The overflow occurs during the handling of a trusted application, leading to memory corruption. Samsung IDs SVE-2017-9008 and SVE-2017-9009 document the issue, which was addressed in October 2017 [1].
Exploitation
An attacker would need the ability to trigger the processing of a crafted trusted application on an affected device. The vulnerability is reachable without physical access but requires the ability to install or manipulate a trusted application that invokes the vulnerable function. The integer overflow in process_M_SetTokenTUIPasswd then leads to memory corruption.
Impact
Successful exploitation results in memory corruption, which can potentially lead to arbitrary code execution within the TZ (TrustZone) context. This could allow an attacker to gain elevated privileges, compromise the secure environment of the device, and access sensitive data protected by the trusted execution environment.
Mitigation
Samsung published security updates in October 2017 to address this issue [1]. Users should ensure their devices have received the latest security patches from Samsung. Devices running Android versions M (6.x) and N (7.x) that have applied the October 2017 update or later are no longer vulnerable.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Samsung/mobile devices
- Range: 6.x, 7.x
Patches
No patches discovered yet.
References
[1] security.samsungmobile.com/securityUpdate.smsb (mitre, x_refsource_CONFIRM)