Affected components:
affected source code file: /tee/lib/libutee/tee_api_objects.c, affected functions: TEE_MACCompareFinal
Attack vector(s)
To exploit the vulnerability, invoke the function TEE_MACCompareFinal and pass a NULL pointer to the parameter "operation".
Suggested description of the vulnerability for use in the CVE
Null pointer dereference vulnerability in the TEE_MACCompareFinal function in Samsung Electronics mTower v0.3.0 (and earlier) allows a trusted application to trigger a Denial of Service (DoS) by invoking TEE_MACCompareFinal with a NULL pointer for the parameter "operation".
Discoverer(s)/Credits
SyzTrust
Reference(s)
https://github.com/Samsung/mTower
mTower/tee/lib/libutee/tee_api_operations.c, line 1249 in efd3670
Additional information
The TEE_MACCompareFinal function takes a pointer "operation". This value is passed by the TA, and TEE_MACCompareFinal does not check whether it is a null pointer. Executing the statement "if (operation->info.operationClass != TEE_OPERATION_MAC)" later will crash the trusted execution environment kernel and cause a Denial of Service (DoS).
THANK YOU FOR CONTRIBUTIONS IN MTOWER TEE OS!
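An added example, not code from mTower or from the report: a reduced model of a MAC-compare entry point that validates the TA-supplied handle before the class check quoted above. The struct layout, the name `mac_compare_final_checked`, the constant values, the sample data and the choice to return an error code rather than panic the calling TA are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in definitions so the example builds alone; not mTower's headers. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u
#define TEE_ERROR_MAC_INVALID    0xFFFF3071u
#define TEE_OPERATION_MAC        3u

struct tee_operation {                 /* hypothetical, reduced layout */
    struct { uint32_t operationClass; } info;
    uint8_t  mac[32];                  /* MAC the operation has computed */
    uint32_t mac_len;
};
typedef struct tee_operation *TEE_OperationHandle;

/* Hypothetical hardened entry point: every TA-supplied pointer is
 * validated before the first dereference. */
TEE_Result mac_compare_final_checked(TEE_OperationHandle operation,
                                     const void *mac, uint32_t macLen)
{
    if (operation == NULL)             /* the check the report says is missing */
        return TEE_ERROR_BAD_PARAMETERS;
    if (operation->info.operationClass != TEE_OPERATION_MAC)
        return TEE_ERROR_BAD_PARAMETERS;
    if (mac == NULL || operation->mac_len > sizeof(operation->mac))
        return TEE_ERROR_BAD_PARAMETERS;
    if (macLen != operation->mac_len)
        return TEE_ERROR_MAC_INVALID;

    /* Constant-time comparison: no early exit on the first differing byte. */
    const uint8_t *p = mac;
    uint8_t diff = 0;
    for (uint32_t i = 0; i < macLen; i++)
        diff |= (uint8_t)(p[i] ^ operation->mac[i]);
    return diff ? TEE_ERROR_MAC_INVALID : TEE_SUCCESS;
}

/* Constructed sample inputs. */
struct tee_operation sample_mac_op = {
    .info = { .operationClass = TEE_OPERATION_MAC },
    .mac = { 0xde, 0xad, 0xbe, 0xef }, .mac_len = 4,
};
struct tee_operation sample_cipher_op = { .info = { .operationClass = 1u } };
const uint8_t good_mac[4] = { 0xde, 0xad, 0xbe, 0xef };
const uint8_t bad_mac[4]  = { 0xde, 0xad, 0xbe, 0xee };
```

With the NULL test in place, a null handle is rejected at the API boundary and the class check only ever runs on a valid pointer.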