Vincenzo Bonforte

**Name of the Vulnerable Software and Affected Versions** mPOS TUI trustlet versions prior to SMR May-2023 Release 1 **Description** A double free validation issue in the setPinPadImages function of the mPOS TUI trustlet allows local attackers to access the trustlet memory. **Recommendations** For versions prior to SMR May-2023 Release 1, update to SMR May-2023 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mPOS fiserve trustlet versions prior to SMR May-2023 Release 1 **Description** The issue is related to improper input validation, allowing local attackers to execute arbitrary code. This can be exploited by attackers to gain unauthorized access and control. **Recommendations** For versions prior to SMR May-2023 Release 1, update to SMR May-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting local access to the mPOS fiserve trustlet to minimize the risk of exploitation.