CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

Product Status

Learn more

Information not provided

References 3 Total

https://github.com/Samsung/mTower/issues/81
external site
https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1188
external site
https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/crypto/libtomcrypt/include/tomcrypt_hash.h#L397
external site

Updated: 2024-08-03

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://github.com/Samsung/mTower/issues/81
external site
x_transferred
https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/tee/lib/libutee/tee_api_operations.c#L1188
external site
x_transferred
https://github.com/Samsung/mTower/blob/efd36709306a9afcca5b4782499d01be0c7a02a5/crypto/libtomcrypt/include/tomcrypt_hash.h#L397
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 3 Total

CVE Program

References 3 Total