Samsung/mTower

GitHub

github.com

Releases8

Frequency9 months 2 weeks

Last Release over 1 year ago

Stars75

mTower is Trusted Execution Environment specially designed to be used on MicroController Units (MCUs) supporting ARM TrustZone technology (e.g., Cortex-M23/33/35p). mTower operates well under restrictions typical for such environment – small RAM and ROM sizes, relatively low performance, absence of rich OSes providing variety of services available on PCs or in enterprise environments. mTower is intended for usage in IoT, embedded devices, Smart Home applications, distributed heterogeneous networks and other environments where secure processing of sensitive data is necessary.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-40757 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
CVE-2022-40762 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
CVE-2022-40761 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
CVE-2022-40760 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
CVE-2022-40759 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
CVE-2022-40758 ↗	Sep 16, 2022Friday, 16 September 2022, 22:15	7.5 HIGH	—
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
CVE-2022-39830 ↗	Sep 5, 2022Monday, 5 September 2022, 04:15	7.5 HIGH	—
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
CVE-2022-39829 ↗	Sep 5, 2022Monday, 5 September 2022, 04:15	7.5 HIGH	—
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
CVE-2022-39828 ↗	Sep 5, 2022Monday, 5 September 2022, 04:15	7.5 HIGH	—
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
CVE-2022-36622 ↗	Sep 1, 2022Thursday, 1 September 2022, 21:15	7.5 HIGH	—
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
CVE-2022-36621 ↗	Sep 1, 2022Thursday, 1 September 2022, 21:15	7.5 HIGH	—
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
CVE-2022-38155 ↗	Aug 11, 2022Thursday, 11 August 2022, 01:15	7.5 HIGH	—
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
CVE-2022-35858 ↗	Aug 4, 2022Thursday, 4 August 2022, 20:15	7.8 HIGH	—
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.