CVE-2023-21508
Description
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in Samsung Blockchain Keystore BC_TUI trustlet prior to 1.3.12.1 allows local arbitrary code execution.
Vulnerability
An out-of-bounds write vulnerability exists in the bc_tui trustlet of Samsung Blockchain Keystore prior to version 1.3.12.1. The issue occurs during processing of the BC_TUI_CMD_SEND_RESOURCE_DATA command and leads to memory corruption in the trusted execution environment.
Exploitation
An attacker requires local access to the device and the ability to send crafted BC_TUI_CMD_SEND_RESOURCE_DATA commands to the bc_tui trustlet. The attacker does not need elevated privileges prior to exploitation, as the trustlet processes commands from user-space applications. The out-of-bounds write can be triggered by providing a specially crafted resource data payload that violates expected size constraints.
Impact
Successful exploitation allows a local attacker to execute arbitrary code within the context of the bc_tui trustlet, which operates with high privileges in the ARM TrustZone secure world. This can lead to full compromise of the secure environment, including access to sensitive cryptographic material managed by the Blockchain Keystore.
Mitigation
Samsung released version 1.3.12.1 of the Blockchain Keystore, which addresses the vulnerability. Users are advised to update their devices via Samsung's security maintenance release process as described in the May 2023 Security Maintenance Release [1]. No workarounds are available for unpatched devices.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.3.12.1
- Range: unspecified
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.