Samsung · Samsung Mtower · CVE-2022-35858
**Name of the Vulnerable Software and Affected Versions**
Samsung mTower version 0.3.0
**Description**
The issue allows a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function `TEE_PopulateTransientObject` with a large number in the parameter `attrCount`. This is due to the vulnerable functions `TEE_PopulateTransientObject` and `__utee_from_attr` in Samsung mTower.
**Recommendations**
For Samsung mTower version 0.3.0, consider disabling the `TEE_PopulateTransientObject` function until a patch is available, to prevent potential memory overwrites, denial of service, and information disclosure. Restrict access to the `__utee_from_attr` function to minimize the risk of exploitation. Avoid using the parameter `attrCount` in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
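The class of bug described above, a caller-supplied attribute count driving writes into bounded storage, is shown below as an added example in a simplified model with the missing check beside the hardened form. This is not mTower's code: the types, `MAX_ATTRS`, the result codes and all function names are assumptions made for illustration, as is the fixed-size destination array.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins (assumptions), not the mTower definitions. */
#define MAX_ATTRS 8u               /* hypothetical per-object attribute limit */
#define RES_OK 0u
#define RES_BAD_PARAMETERS 1u

struct attr   { uint32_t id; const void *buf; uint32_t len; }; /* caller form */
struct uattr  { uint64_t a; uint64_t b; uint32_t id; };        /* internal form */
struct object { struct uattr ua[MAX_ATTRS]; uint32_t count; };

/* Conversion helper: writes exactly `count` entries into `dst` and trusts
 * the caller to have sized `dst` accordingly. */
static void convert_attrs(struct uattr *dst, const struct attr *src,
                          uint32_t count)
{
    for (uint32_t i = 0; i < count; i++) {
        dst[i].a  = (uint64_t)(uintptr_t)src[i].buf;
        dst[i].b  = src[i].len;
        dst[i].id = src[i].id;
    }
}

/* Unsafe pattern: nothing ties attrCount to the capacity of o->ua. */
uint32_t populate_unchecked(struct object *o, const struct attr *attrs,
                            uint32_t attrCount)
{
    convert_attrs(o->ua, attrs, attrCount); /* overruns when > MAX_ATTRS */
    o->count = attrCount;
    return RES_OK;
}

/* Hardened pattern: reject bad counts and pointers before any write. */
uint32_t populate_checked(struct object *o, const struct attr *attrs,
                          uint32_t attrCount)
{
    if (o == NULL || attrCount > MAX_ATTRS ||
        (attrCount != 0 && attrs == NULL))
        return RES_BAD_PARAMETERS;

    memset(o->ua, 0, sizeof(o->ua));
    convert_attrs(o->ua, attrs, attrCount);
    o->count = attrCount;
    return RES_OK;
}
```

The checked variant leaves the object untouched when it rejects a request, so a failed call cannot leave partially converted attributes behind.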