The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.
References
Link | Resource |
---|---|
https://tetraburst.com/ | Not Applicable |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: NCSC-NL
Published: 2023-10-19T09:35:03.919Z
Updated: 2023-10-19T09:50:11.988Z
Reserved: 2022-02-18T17:18:33.456Z
Link: CVE-2022-25333
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-19T10:15:09.747
Modified: 2023-11-07T03:44:46.143
Link: CVE-2022-25333
JSON object: View
Redhat Information
No data.