CVE-2022-27813

Unconfigured memory protection modules in Motorola MTM5000

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.

Los firmwares de la serie Motorola MTM5000 carecen de protección de memoria configurada correctamente para las páginas compartidas entre los núcleos OMAP-L138 ARM y DSP. El SoC proporciona dos unidades de protección de memoria, MPU1 y MPU2, para reforzar el límite de confianza entre los dos núcleos. Dado que los firmwares dejan ambas unidades sin configurar, un adversario con control sobre cualquiera de los núcleos puede obtener trivialmente la ejecución de código en el otro, sobrescribiendo el código ubicado en la RAM compartida o en las regiones de memoria DDR2.

*Credits: Midnight Blue

CVSS Scores

NISTv3.1 8.2
National Cyber Security Centre Netherlands (NCSC-NL)v3.1 8.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-03-24 CVE Reserved
2023-10-19 CVE Published
2023-10-20 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

CAPEC

References (1)

URL	Tag	Source
https://tetraburst.com	Related

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Motorola Search vendor "Motorola"	Mtm5500 Firmware Search vendor "Motorola" for product "Mtm5500 Firmware"	-	-	Affected	in	Motorola Search vendor "Motorola"	Mtm5500 Search vendor "Motorola" for product "Mtm5500"	-	-	Safe
Motorola Search vendor "Motorola"	Mtm5400 Firmware Search vendor "Motorola" for product "Mtm5400 Firmware"	-	-	Affected	in	Motorola Search vendor "Motorola"	Mtm5400 Search vendor "Motorola" for product "Mtm5400"	-	-	Safe