The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.
References
Link | Resource |
---|---|
https://tetraburst.com/ | Not Applicable |
Configurations
Configuration 1 (hide)
AND |
|
History
31 Oct 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ti omap L138
Ti omap L138 Firmware Ti |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:h:ti:omap_l138:-:*:*:*:*:*:*:* cpe:2.3:o:ti:omap_l138_firmware:-:*:*:*:*:*:*:* |
|
References | (MISC) https://tetraburst.com/ - Not Applicable | |
CWE | NVD-CWE-noinfo |
19 Oct 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 10:15
Updated : 2023-12-10 15:14
NVD link : CVE-2022-25333
Mitre link : CVE-2022-25333
CVE.ORG link : CVE-2022-25333
JSON object : View
Products Affected
ti
- omap_l138
- omap_l138_firmware
CWE