Memory Overwrite and Denial of Service in Samsung mTower Software
CVE-2022-35858

7.8HIGH

Key Information:

Vendor: Samsung
Status: Mtower
Vendor: CVE Published:; 4 August 2022

Summary

The mTower software version 0.3.0 from Samsung contains a vulnerability in the TEE_PopulateTransientObject and __utee_from_attr functions. This flaw allows a trusted application to initiate a memory overwrite by passing an excessive value to the attrCount parameter, leading to potential denial of service and information disclosure. The improper handling of memory allocation in this case can compromise the system's stability and data integrity.

References

https://github.com/Samsung/mTower/blob/18f4b592a8a973ce59...

x_refsource_MISC

https://github.com/Samsung/mTower/issues/71

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 4, 2022
Vulnerability Reserved
Jul 13, 2022