CVE Alert

CVE-2022-25334

HIGH 8.2

Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138

CVSS Score: 8.2
EPSS Score: 0.0%
EPSS Percentile: 0th

The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.

CWE: CWE-121
Vendor: Texas Instruments
Product: OMAP
Published: Oct 19, 2023
Last Updated: Aug 3, 2024

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: High

Affected Versions

Texas Instruments / OMAP
L138

References

NVD, CVE.org, EPSS Data
tetraburst.com: https://tetraburst.com/

Credits

Midnight Blue