PT-2022-25522 · Samsung · Samsung Mtower
Published: 2022-09-16 · Updated: 2023-08-08
CVE-2022-40761
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Samsung mTower versions 0.3.0 and earlier
Description
The issue allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. This is due to the tee_obj_free function in Samsung mTower.
Recommendations
For Samsung mTower versions 0.3.0 and earlier, consider disabling the TEE_AllocateOperation function as a temporary workaround until a patch is available. Restrict access to the utee_cryp_obj_alloc related functionality to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Samsung Mtower