Lucene search

[email protected]CVE-2022-25333

HistoryOct 19, 2023 - 10:15 a.m.

CVE-2022-25333

2023-10-1910:15:09

CWE-347

[email protected]

web.nvd.nist.gov

cve-2022-25333

texas instruments

omap l138

tee

rsa check

vulnerability

security architecture

nvd

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.

Affected configurations

NVD

Node

tiomap_l138_firmwareMatch-

AND

tiomap_l138Match-

CPENameOperatorVersion
ti:omap_l138_firmwareti omap l138 firmwareeq-

CPE	Name	Operator	Version
ti:omap_l138_firmware	ti omap l138 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "affected",
    "vendor": "Texas Instruments",
    "product": "OMAP",
    "versions": [
      {
        "version": "L138",
        "status": "affected"
      }
    ]
  }
]

References

tetraburst.com/

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-25333

nvd3 prion3 cvelist3 cve2