CVE-2022-39830
Description
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing return-value check in sign_pFwInfo leads to DoS in Samsung mTower through 0.3.0.
Vulnerability
In sign_pFwInfo in tools/fwinfogen.c of Samsung mTower through version 0.3.0, the return value of EC_KEY_set_public_key_affine_coordinates() is not checked. This function returns 1 on success or 0 on error; when it fails (e.g., due to invalid curve coordinates), the subsequent code continues using an invalid state, leading to a denial-of-service condition [1][2].
Exploitation
An attacker can trigger the vulnerability by supplying malformed elliptic-curve coordinates to sign_pFwInfo. No authentication is required if the attacker can control the input to the firmware signing process; the failure occurs during the signature generation step [1][2].
Impact
Successful exploitation causes a denial of service, preventing legitimate firmware signing operations. The system may crash or hang, disrupting the firmware update process [1][2].
Mitigation
As of publication, no official patch has been released for CVE-2022-39830. Users are advised to manually validate the return value of EC_KEY_set_public_key_affine_coordinates() as outlined in the OpenSSL documentation [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Samsung/mTower
- Range: <=0.3.0
Patches
No patches discovered yet.
References
- github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tools/fwinfogen.c (mitre, x_refsource_MISC)
- github.com/Samsung/mTower/issues/77 (mitre, x_refsource_MISC)
- www.openssl.org/docs/manmaster/man3/EC_KEY_set_public_key_affine_coordinates.html (mitre, x_refsource_MISC)