PT-2025-28374 · Samsung · Knoxvault Trustlet
Dawuge
·
Published
2025-07-08
·
Updated
2025-07-08
·
CVE-2025-20982
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
KnoxVault trustlet versions prior to SMR Jul-2025 Release 1
Description:
The issue is related to an out-of-bounds write in setting auth secret, which allows local privileged attackers to write out-of-bounds memory. This can be exploited by local privileged attackers.
Recommendations:
For KnoxVault trustlet versions prior to SMR Jul-2025 Release 1, update to SMR Jul-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the trustlet to minimize the risk of exploitation.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Knoxvault Trustlet