Memory Allocation Vulnerability in Samsung mTower Software
CVE-2022-40762

7.5HIGH

Key Information:

Vendor: Samsung
Status: Mtower
Vendor: CVE Published:; 16 September 2022

What is CVE-2022-40762?

A vulnerability exists in the TEE_Realloc function of Samsung's mTower software version 0.3.0, where a trusted application can cause a Denial of Service (DoS) by passing an excessively large value for the 'len' parameter. This flaw can lead to resource exhaustion, disrupting normal operations and causing instability in services dependent on mTower.

References

https://github.com/Samsung/mTower/blob/efd36709306a9afcca...

x_refsource_MISC

https://github.com/Samsung/mTower/issues/82

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2022
Vulnerability Reserved
Sep 16, 2022