cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-40757,https://securityvulnerability.io/vulnerability/CVE-2022-40757,Buffer Access Vulnerability in Samsung mTower,"A vulnerability in the TEE_MACComputeFinal function of Samsung mTower can be exploited by trusted applications to induce a Denial of Service (DoS). This occurs when the function is called with an excessively large message length, leading to buffer access issues that may cause unexpected application behavior or crashes. The affected versions include mTower through 0.3.0, highlighting a critical need for updates to mitigate potential risks.",Samsung,Mtower,7.5,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-09-16T21:36:51.000Z,0
CVE-2022-40758,https://securityvulnerability.io/vulnerability/CVE-2022-40758,Buffer Access Vulnerability in Samsung mTower,"A vulnerability has been identified in the TEE_CipherUpdate function of Samsung's mTower application, allowing a trusted application to exploit it by supplying an excessively large value for srcLen. This can lead to a Denial of Service (DoS) condition, ultimately impacting the availability of the service. It's crucial for users of Samsung mTower to apply necessary updates or mitigations to prevent potential disruptions.",Samsung,Mtower,7.5,HIGH,0.0010499999625608325,false,,false,false,false,,,false,false,,2022-09-16T21:36:46.000Z,0
CVE-2022-40759,https://securityvulnerability.io/vulnerability/CVE-2022-40759,NULL Pointer Dereference in Samsung mTower Affects Trusted Application Operations,"A vulnerability in the TEE_MACCompareFinal function of Samsung mTower allows a trusted application to initiate a Denial of Service (DoS) by passing a NULL pointer as an argument. This flaw can lead to unintended behavior and service disruption in applications relying on this function, posing a significant risk to application stability and overall system integrity.",Samsung,Mtower,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2022-09-16T21:36:38.000Z,0
CVE-2022-40760,https://securityvulnerability.io/vulnerability/CVE-2022-40760,Buffer Access Vulnerability in Samsung mTower,"A Buffer Access with Incorrect Length Value vulnerability exists in the TEE_MACUpdate function of the Samsung mTower product through version 0.3.0. This vulnerability can be exploited by trusted applications invoking TEE_MACUpdate with an excessively large chunkSize parameter, potentially leading to a Denial of Service (DoS). Such an attack could impact the availability and functionality of the system, making it critical for users to apply proper security measures and updates.",Samsung,Mtower,7.5,HIGH,0.007319999858736992,false,,false,false,false,,,false,false,,2022-09-16T21:36:32.000Z,0
CVE-2022-40761,https://securityvulnerability.io/vulnerability/CVE-2022-40761,Denial of Service vulnerability in Samsung mTower,"The function tee_obj_free in Samsung mTower version 0.3.0 contains a vulnerability that allows a trusted application to instigate a Denial of Service (DoS) attack. This is achieved by invoking the TEE_AllocateOperation function with a malformed heap layout, which is related to utee_cryp_obj_alloc. This situation can lead to unexpected behavior and service unavailability, making it crucial for users to apply the necessary mitigations.",Samsung,Mtower,7.5,HIGH,0.010350000113248825,false,,false,false,false,,,false,false,,2022-09-16T21:35:50.000Z,0
CVE-2022-40762,https://securityvulnerability.io/vulnerability/CVE-2022-40762,Memory Allocation Vulnerability in Samsung mTower Software,"A vulnerability exists in the TEE_Realloc function of Samsung's mTower software version 0.3.0, where a trusted application can cause a Denial of Service (DoS) by passing an excessively large value for the 'len' parameter. This flaw can lead to resource exhaustion, disrupting normal operations and causing instability in services dependent on mTower.",Samsung,Mtower,7.5,HIGH,0.0014900000533089042,false,,false,false,false,,,false,false,,2022-09-16T21:35:45.000Z,0
CVE-2022-39828,https://securityvulnerability.io/vulnerability/CVE-2022-39828,Denial of Service Vulnerability in Samsung mTower Versions,"The mTower product from Samsung, specifically version 0.3.0, contains a vulnerability due to a missing check on the return value of the EC_KEY_set_private_key function. This oversight can lead to a denial of service, potentially compromising the availability of the service and impacting user operations. It is crucial for users to be aware of this security issue and apply the necessary updates or mitigations to protect their systems.",Samsung,Mtower,7.5,HIGH,0.005919999908655882,false,,false,false,false,,,false,false,,2022-09-05T03:43:31.000Z,0
CVE-2022-39829,https://securityvulnerability.io/vulnerability/CVE-2022-39829,NULL Pointer Dereference in Samsung mTower Affecting Cryptographic Operations,"A vulnerability in Samsung mTower, specifically in the aes256_encrypt function, arises from a NULL pointer dereference related to a missing validation of the return value from EVP_CIPHER_CTX_new. This issue affects versions of mTower up to 0.3.0 and can potentially lead to unexpected behavior during cryptographic operations. Developers should ensure that checks for the return value are properly implemented to mitigate this risk.",Samsung,Mtower,7.5,HIGH,0.005919999908655882,false,,false,false,false,,,false,false,,2022-09-05T03:43:20.000Z,0
CVE-2022-39830,https://securityvulnerability.io/vulnerability/CVE-2022-39830,Denial of Service Vulnerability in Samsung mTower Software,"The mTower software developed by Samsung contains a vulnerability due to a missing validation check in the method sign_pFwInfo. Specifically, when using the function EC_KEY_set_public_key_affine_coordinates, improper handling of the return value can escalate to a denial of service situation. This flaw affects the stability and reliability of the software, making it crucial for users to implement necessary security measures.",Samsung,Mtower,7.5,HIGH,0.005919999908655882,false,,false,false,false,,,false,false,,2022-09-05T03:43:12.000Z,0
CVE-2022-36622,https://securityvulnerability.io/vulnerability/CVE-2022-36622,NULL Pointer Dereference in Samsung Electronics mTower Affects Device Security,"The vulnerability in Samsung Electronics mTower, specifically in versions 0.3.0 and earlier, arises from a NULL pointer dereference found within the TEE_GetObjectInfo1 function. This flaw can be exploited to disrupt normal functionality, potentially leading to unauthorized access or negatively impacting the operational integrity of affected devices. Users and administrators are advised to assess their systems and implement recommendations from Samsung to mitigate these risks.",Samsung,Mtower,7.5,HIGH,0.007910000160336494,false,,false,false,false,,,false,false,,2022-09-01T20:04:47.000Z,0
CVE-2022-36621,https://securityvulnerability.io/vulnerability/CVE-2022-36621,NULL Pointer Dereference in Samsung Electronics mTower Product,"A vulnerability has been identified in Samsung Electronics mTower, specifically in versions up to and including 0.3.0. This flaw arises due to a NULL pointer dereference in the function TEE_AllocateTransientObject. When triggered, this issue could lead to unexpected behavior or crashes within the application, potentially impacting its security and stability. It is important for users and administrators to address this vulnerability through an update or patch to ensure continued protection against potential exploits.",Samsung,Mtower,7.5,HIGH,0.010350000113248825,false,,false,false,false,,,false,false,,2022-09-01T20:04:08.000Z,0
CVE-2022-38155,https://securityvulnerability.io/vulnerability/CVE-2022-38155,Excessive Memory Allocation in Samsung mTower Affected by TEE_Malloc,"The TEE_Malloc function in Samsung's mTower version 0.3.0 is vulnerable to excessive memory allocation caused by a large length parameter value. This flaw can lead to unintended consequences, including system instability, as evidenced by a crash of the Numaker-PFM-M2351 TEE kernel when invoked. Developers and security professionals should be aware of this vulnerability to implement appropriate protections.",Samsung,Mtower,7.5,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2022-08-11T00:52:12.000Z,0
CVE-2022-35858,https://securityvulnerability.io/vulnerability/CVE-2022-35858,Memory Overwrite and Denial of Service in Samsung mTower Software,"The mTower software version 0.3.0 from Samsung contains a vulnerability in the TEE_PopulateTransientObject and __utee_from_attr functions. This flaw allows a trusted application to initiate a memory overwrite by passing an excessive value to the attrCount parameter, leading to potential denial of service and information disclosure. The improper handling of memory allocation in this case can compromise the system's stability and data integrity.",Samsung,Mtower,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-08-04T19:42:37.000Z,0