STMicroelectronics International N.V.

8 exploits Active since Aug 2022
CVE-2022-35858 WRITEUP HIGH WRITEUP
Samsung mTower 0.3.0 - Memory Corruption
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.
CVSS 7.8
CVE-2022-38155 WRITEUP HIGH WRITEUP
Samsung mTower <0.3.0 - Memory Corruption
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
CVSS 7.5
CVE-2022-40757 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - Memory Corruption
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
CVSS 7.5
CVE-2022-40758 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - Memory Corruption
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
CVSS 7.5
CVE-2022-40759 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - NULL Pointer Dereference
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
CVSS 7.5
CVE-2022-40760 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - Memory Corruption
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
CVSS 7.5
CVE-2022-40761 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - Denial of Service
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
CVSS 7.5
CVE-2022-40762 WRITEUP HIGH WRITEUP
Samsung Mtower < 0.3.0 - Resource Allocation Without Limits
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
CVSS 7.5