CVE-2023-21506
Description
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in Samsung Blockchain Keystore bc_tui trustlet allows local arbitrary code execution via crafted BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command.
Vulnerability
An out-of-bounds write vulnerability exists in the bc_tui trustlet of Samsung Blockchain Keystore prior to version 1.3.12.1. The flaw is triggered by processing a crafted BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command, leading to a write beyond allocated memory boundaries.
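The advisory does not say which check the trustlet lacked, so the following is an illustrative sketch of the bug class rather than the bc_tui trustlet's code (which is not public). It is an added example: a trusted-application command handler that receives an array of resource bytes plus an offset and length from the normal-world command buffer, with a vulnerable length check beside a hardened one. The wire format, the 8-byte header, the 256-byte destination buffer, the error codes and every function name are assumptions made for the example.

```c
/* Illustrative TA-side handling of a "send resource data array" command.
 * Hypothetical wire format, buffer size and names (NOT the bc_tui trustlet's code):
 *   cmd = [u32 LE offset][u32 LE count][count bytes of data]
 * The TA copies the data into a fixed-size resource buffer at `offset`. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RES_HDR_LEN  8u
#define RES_BUF_SIZE 256u   /* hypothetical fixed destination inside the TA */

enum { RES_OK = 0, RES_EBADCMD = -1, RES_EBOUNDS = -2 };

static uint32_t get_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Vulnerable check: bounds `count` against the destination but trusts `offset`
 * completely, and never confirms that `count` bytes are really present in the
 * command buffer (an out-of-bounds read on top of the write). */
int validate_vuln(uint32_t offset, uint32_t count, size_t cmd_len) {
    (void)offset;
    if (cmd_len < RES_HDR_LEN) return RES_EBADCMD;
    if (count > RES_BUF_SIZE) return RES_EBOUNDS;
    return RES_OK;
}

/* Hardened check: each comparison is written so that no addition can wrap.
 * `count > RES_BUF_SIZE - offset` is `offset + count > RES_BUF_SIZE` without
 * the overflow that 0xFFFFFFF0 + 0x20 would cause in a 32-bit sum. */
int validate_fixed(uint32_t offset, uint32_t count, size_t cmd_len) {
    if (cmd_len < RES_HDR_LEN) return RES_EBADCMD;
    if (count > cmd_len - RES_HDR_LEN) return RES_EBADCMD;  /* claims more bytes than were sent */
    if (offset > RES_BUF_SIZE) return RES_EBOUNDS;
    if (count > RES_BUF_SIZE - offset) return RES_EBOUNDS;  /* would write past the buffer end */
    return RES_OK;
}

/* Hardened handler: dst must be RES_BUF_SIZE bytes. Returns bytes copied or a
 * negative code. The header is decoded explicitly, not overlaid as a struct. */
int handle_resource_cmd(uint8_t *dst, const uint8_t *cmd, size_t cmd_len) {
    if (cmd_len < RES_HDR_LEN) return RES_EBADCMD;
    uint32_t offset = get_le32(cmd);
    uint32_t count  = get_le32(cmd + 4);
    int rc = validate_fixed(offset, count, cmd_len);
    if (rc != RES_OK) return rc;
    memcpy(dst + offset, cmd + RES_HDR_LEN, count);
    return (int)count;
}

/* Client-side builder for a command buffer; returns total length or 0 if `cap` is too small. */
size_t build_resource_cmd(uint8_t *out, size_t cap, uint32_t offset,
                          const uint8_t *data, uint32_t count) {
    if (cap < RES_HDR_LEN || count > cap - RES_HDR_LEN) return 0;
    put_le32(out, offset);
    put_le32(out + 4, count);
    memcpy(out + RES_HDR_LEN, data, count);
    return RES_HDR_LEN + count;
}

int main(void) {
    uint8_t dst[RES_BUF_SIZE] = {0}, cmd[64];
    const uint8_t data[4] = {1, 2, 3, 4};   /* constructed sample payload */
    size_t n = build_resource_cmd(cmd, sizeof cmd, 10, data, 4);
    printf("benign: copied=%d\n", handle_resource_cmd(dst, cmd, n));
    /* A wrapping offset: the vulnerable check accepts it because it ignores
     * offset; the hardened one rejects it because 0x20 > 256 - 0xFFFFFFF0 fails
     * the unsigned comparison only after offset itself is bounds-checked. */
    printf("wrap:   vuln=%d fixed=%d\n",
           validate_vuln(0xFFFFFFF0u, 0x20u, 40), validate_fixed(0xFFFFFFF0u, 0x20u, 40));
    return 0;
}
```

The order of the checks in `validate_fixed` matters: `offset` is bounded before it is subtracted from `RES_BUF_SIZE`, so the subtraction cannot itself wrap, and `count` is checked against the bytes actually received before it is checked against the destination, so a short command cannot turn a bounded write into an out-of-bounds read of the shared buffer.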
Exploitation
An attacker needs local access to the device and a way to deliver a crafted BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command to the bc_tui trustlet. The available references specify no further authentication or user interaction. Trustlet commands are delivered from the normal world through the TEE client interface, and on Samsung devices that path is restricted to privileged components, so the practical prerequisite is control of a process that is permitted to talk to bc_tui; the references do not state which privilege level that requires.
Impact
Successful exploitation allows a local attacker to execute arbitrary code within the context of the bc_tui trustlet, which operates in the TrustZone secure world. This can lead to a full compromise of sensitive data managed by the Blockchain Keystore, such as cryptographic keys, and may allow further privilege escalation within the secure environment.
Mitigation
Samsung released the fix in version 1.3.12.1 of the Blockchain Keystore. Users should update to this version or later via Samsung's security update process, as described in the Samsung Mobile Security advisory published in May 2023 [1]. No workarounds are disclosed for unpatched devices.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.3.12.1
- Range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] Samsung Mobile Security advisory, May 2023.
News mentions
No linked articles in our index yet.