CVE-2023-21507

Vulnerability

An out-of-bounds read vulnerability exists in the bc_tui trustlet of Samsung Blockchain Keystore prior to version 1.3.12.1. The flaw is triggered while processing the BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command, allowing a local attacker to read arbitrary memory from the trustlet's address space. The affected component is part of the Samsung Blockchain Keystore software, which is used to manage cryptographic keys on Samsung devices.

Exploitation

To exploit this vulnerability, an attacker must have local access to the device, meaning they must be able to execute code in the Android userspace. The attacker sends a crafted BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command to the bc_tui trustlet. By manipulating the command parameters, the trustlet reads memory outside the intended buffer bounds, leading to an out-of-bounds read. No authentication or special privileges beyond local execution are required. The attack does not require user interaction, as it can be performed by a malicious application running on the device.

Impact

Successful exploitation allows the local attacker to read arbitrary memory from the bc_tui trustlet. This can lead to the disclosure of sensitive information, such as cryptographic keys, credentials, or other secrets stored in the trustlet's memory. The impact is confined to information disclosure (confidentiality breach), as the vulnerability is a read-only out-of-bounds access and does not provide code execution or data modification capabilities. The attacker gains access to data that should be protected by the trustlet's isolation.

Mitigation

The vulnerability is fixed in Samsung Blockchain Keystore version 1.3.12.1. Users should update to this version or later via Samsung's software update mechanism. The official advisory was published by Samsung on May 4, 2023, as part of the May 2023 Security Maintenance Release [1]. No workarounds are available, and the device should be updated to the latest firmware to mitigate this issue.