CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25332 – SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138
https://notcve.org/view.php?id=CVE-2022-25332
19 Oct 2023 — The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK). La implementación de AES en Texas Instruments OMAP L138 (variantes seguras), presente en la... • https://tetraburst.com • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25334 – Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138
https://notcve.org/view.php?id=CVE-2022-25334
19 Oct 2023 — The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module ... • https://tetraburst.com • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25333 – Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138
https://notcve.org/view.php?id=CVE-2022-25333
19 Oct 2023 — The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architectu... • https://tetraburst.com • CWE-347: Improper Verification of Cryptographic Signature •