CVE-2022-36621

Vulnerability

A NULL pointer dereference vulnerability exists in Samsung Electronics mTower versions v0.3.0 and earlier. The bug resides in the function TEE_AllocateTransientObject, where a null pointer is improperly dereferenced, causing a crash. The attack path is reachable via the Trusted Execution Environment (TEE) API interface exposed by mTower. [1]

Exploitation

An attacker must be able to invoke the TEE_AllocateTransientObject function through the mTower TEE API. No authentication is required if the attacker has local access to the system. The exploitation sequence involves crafting a call to the function with specific parameters that trigger the null pointer dereference. [1]

Impact

Successful exploitation results in a denial of service (DoS) due to system crash. The vulnerability does not lead to information disclosure, privilege escalation, or remote code execution as the impact is limited to a crash of the TEE subsystem. [1]

Mitigation

Samsung has not released a security update or advisory for this vulnerability as of the publication date. The latest affected version is mTower v0.3.0. No workarounds have been disclosed. Users should monitor Samsung's security update page for future patches. [1]