mTower
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40757 | 0.00 | — | 0.00 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen. | |||
| CVE-2022-40758 | 0.00 | — | 0.00 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen. | |||
| CVE-2022-40759 | 0.00 | — | 0.00 | Sep 16, 2022 | A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation. | |||
| CVE-2022-40760 | 0.00 | — | 0.00 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize. | |||
| CVE-2022-40761 | 0.00 | — | 0.01 | Sep 16, 2022 | The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. | |||
| CVE-2022-40762 | 0.00 | — | 0.00 | Sep 16, 2022 | A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | |||
| CVE-2022-39828 | 0.00 | — | 0.00 | Sep 5, 2022 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | |||
| CVE-2022-39829 | 0.00 | — | 0.00 | Sep 5, 2022 | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | |||
| CVE-2022-39830 | 0.00 | — | 0.00 | Sep 5, 2022 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | |||
| CVE-2022-36622 | 0.00 | — | 0.01 | Sep 1, 2022 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | |||
| CVE-2022-36621 | 0.00 | — | 0.00 | Sep 1, 2022 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | |||
| CVE-2022-38155 | 0.00 | — | 0.00 | Aug 11, 2022 | TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | |||
| CVE-2022-35858 | 0.00 | — | 0.00 | Aug 4, 2022 | The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the… |
- CVE-2022-40757Sep 16, 2022risk 0.00cvss —epss 0.00
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
- CVE-2022-40758Sep 16, 2022risk 0.00cvss —epss 0.00
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
- CVE-2022-40759Sep 16, 2022risk 0.00cvss —epss 0.00
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
- CVE-2022-40760Sep 16, 2022risk 0.00cvss —epss 0.00
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
- CVE-2022-40761Sep 16, 2022risk 0.00cvss —epss 0.01
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
- CVE-2022-40762Sep 16, 2022risk 0.00cvss —epss 0.00
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
- CVE-2022-39828Sep 5, 2022risk 0.00cvss —epss 0.00
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
- CVE-2022-39829Sep 5, 2022risk 0.00cvss —epss 0.00
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
- CVE-2022-39830Sep 5, 2022risk 0.00cvss —epss 0.00
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
- CVE-2022-36622Sep 1, 2022risk 0.00cvss —epss 0.01
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
- CVE-2022-36621Sep 1, 2022risk 0.00cvss —epss 0.00
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
- CVE-2022-38155Aug 11, 2022risk 0.00cvss —epss 0.00
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
- CVE-2022-35858Aug 4, 2022risk 0.00cvss —epss 0.00
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the…