PT-2022-25518 · Samsung · Samsung Mtower
Published: 2022-09-16 · Updated: 2022-09-21 · CVE-2022-40758
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Samsung mTower versions 0.3.0 and earlier
Description
A Buffer Access with Incorrect Length Value issue in the TEE_CipherUpdate function allows a trusted application to trigger a Denial of Service (DoS) by invoking TEE_CipherUpdate with an excessive size value of srcLen.
Recommendations
For Samsung mTower versions 0.3.0 and earlier, as a temporary workaround, consider restricting invocations of the TEE_CipherUpdate function with excessive size values of srcLen to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Mtower