Unrated severity · NVD Advisory · Published Sep 5, 2022 · Updated Aug 3, 2024

CVE-2022-39828

Description

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing return value check in Samsung mTower through 0.3.0 leads to a denial-of-service via invalid cryptographic key handling.

Vulnerability

In sign_pFwInfo in tools/fwinfogen.c of Samsung mTower through 0.3.0 (commit 18f4b592), the return value of EC_KEY_set_private_key() is not checked [1][2]. If that function fails (e.g., due to an invalid or malformed key), the code continues execution with an invalid state, leading to a denial-of-service condition.

Exploitation

An attacker with the ability to supply or influence the private key data passed to EC_KEY_set_private_key() can trigger the vulnerability. No authentication is required if an attacker can provide a crafted key file or input that results in a failure of EC_KEY_set_private_key(). The missing check means the program does not abort or handle the error, allowing the invalid state to propagate.

Impact

Successful exploitation results in a denial-of-service. The impact is limited to causing the affected function to behave unexpectedly or crash, potentially halting firmware signing operations. No code execution or information disclosure is indicated.

Mitigation

As of publication (2022-09-05), no fixed version has been released for mTower. Users should apply the patch that adds a return value check for EC_KEY_set_private_key() to abort on failure. If no patch is available, avoid processing untrusted or untested key files in the affected tool.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
