Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138
Vulnerability Description
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Texas Instruments OMAP L138 缓冲区错误漏洞
Vulnerability Description
Texas Instruments OMAP L138是美国德州仪器(Texas Instruments)公司的一个DSP+ARM工业处理器。 Texas Instruments OMAP L138 (secure variants)存在安全漏洞,该漏洞源于(TEE) 缺少对掩码 ROM 中存在的 SK_LOAD 模块加载例程中的签名大小字段的边界检查,足够大签名字段的模块会导致堆栈溢出,从而影响安全内核数据页,攻击者利用该漏洞可以在安全管理程序上下文中任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A