PT-2022-24246 · Samsung · Samsung Mtower
C01Dkit · Published 2022-08-11 · Updated 2022-08-15 · CVE-2022-38155
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Samsung mTower versions 0.3.0 and earlier
Description
The issue allows a trusted application to achieve excessive memory allocation via a large len value, potentially leading to a kernel crash, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
Recommendations
For Samsung mTower versions 0.3.0 and earlier, consider restricting the len value to prevent excessive memory allocation until a patch is available. As a temporary workaround, restrict access to the TEE Malloc function to minimize the risk of exploitation.
Exploit
Fix
Allocation of Resources Without Limits
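One way to apply the recommendation to restrict the len value, shown as an added example that is not mTower code: a wrapper that enforces a per-request cap and a per-TA quota before the request reaches the heap. The names ta_bounded_malloc, ta_bounded_free, ta_quota and both limits are hypothetical, and malloc stands in for the TEE heap allocator.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed limits for illustration; size them to the target's secure heap. */
#define TA_MAX_SINGLE_ALLOC (4u * 1024u)   /* largest single request accepted */
#define TA_HEAP_QUOTA       (16u * 1024u)  /* total bytes one TA may hold at once */

struct ta_quota { size_t in_use; };        /* hypothetical per-TA accounting */

/* Header stored in front of each block so free can return bytes to the quota. */
union alloc_hdr { size_t len; max_align_t align; };

void *ta_bounded_malloc(struct ta_quota *q, size_t len)
{
    /* Reject the oversized len before it ever reaches the allocator. */
    if (len == 0 || len > TA_MAX_SINGLE_ALLOC)
        return NULL;
    /* Subtraction form cannot wrap because in_use never exceeds the quota. */
    if (len > TA_HEAP_QUOTA - q->in_use)
        return NULL;
    /* malloc stands in for the TEE heap allocator (assumption). */
    union alloc_hdr *h = malloc(sizeof(*h) + len);
    if (h == NULL)
        return NULL;                       /* caller must handle failure */
    h->len = len;
    q->in_use += len;
    return h + 1;
}

void ta_bounded_free(struct ta_quota *q, void *p)
{
    if (p == NULL)
        return;
    union alloc_hdr *h = (union alloc_hdr *)p - 1;
    q->in_use -= h->len;
    free(h);
}

int main(void)
{
    struct ta_quota q = { 0 };
    void *big = ta_bounded_malloc(&q, 0xFFFFFFF0u);   /* constructed hostile len */
    void *ok = ta_bounded_malloc(&q, 256);
    printf("oversized: %s, normal: %s, in use: %zu\n",
           big ? "allocated" : "rejected", ok ? "allocated" : "rejected", q.in_use);
    ta_bounded_free(&q, ok);
    return 0;
}
```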
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Mtower