CVE-2022-26942

Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives.

Los firmwares de la serie Motorola MTM5000 carecen de validación de puntero en los argumentos pasados a los módulos Trusted Execution Environment (TEE). Se utilizan dos módulos, uno responsable de la gestión de claves KVL y el otro de la funcionalidad criptográfica TETRA. En ambos módulos, un adversario con una ejecución de código de nivel de supervisor no segura puede aprovechar el problema para obtener una ejecución segura de código de supervisor dentro del TEE. Esto constituye una ruptura total del módulo TEE, exponiendo la clave del dispositivo, así como cualquier clave criptográfica TETRA y las primitivas criptográficas TETRA confidenciales.

*Credits: Midnight Blue

CVSS Scores

NISTv3.1 8.2
National Cyber Security Centre Netherlands (NCSC-NL)v3.1 8.2

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2022-03-11 CVE Reserved
2023-10-19 CVE Published
2023-10-20 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-763: Release of Invalid Pointer or Reference
CWE-822: Untrusted Pointer Dereference

CAPEC

References (1)

URL	Tag	Source
https://tetraburst.com	Related

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Motorola Search vendor "Motorola"	Mtm5500 Firmware Search vendor "Motorola" for product "Mtm5500 Firmware"	-	-	Affected	in	Motorola Search vendor "Motorola"	Mtm5500 Search vendor "Motorola" for product "Mtm5500"	-	-	Safe
Motorola Search vendor "Motorola"	Mtm5400 Firmware Search vendor "Motorola" for product "Mtm5400 Firmware"	-	-	Affected	in	Motorola Search vendor "Motorola"	Mtm5400 Search vendor "Motorola" for product "Mtm5400"	-	-	Safe