CVE-2022-25334: Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
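As an added illustration (not TI's ROM code and not taken from the advisory), the C sketch below shows the two length checks a module loader needs before copying a signature into a fixed-size buffer. The header layout, `SIG_MAX`, and all function names are assumptions, since the real SK_LOAD format is not described here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, for illustration only (the real SK_LOAD format is not
 * given here): [payload_len u32 LE][sig_len u32 LE][payload][signature]. */
#define HDR_LEN 8u
#define SIG_MAX 256u            /* assumed capacity of the signature buffer */
enum { LOAD_OK = 0, LOAD_TRUNCATED = -1, LOAD_BAD_SIG_LEN = -2, LOAD_BAD_LAYOUT = -3 };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the signature of an untrusted image into a fixed-size buffer.
 * Without the two checks below, memcpy would trust sig_len as read from the image. */
int load_signature(const uint8_t *img, size_t img_len, uint8_t sig[SIG_MAX], uint32_t *sig_len)
{
    if (img == NULL || img_len < HDR_LEN) return LOAD_TRUNCATED;
    uint32_t payload_len = rd32le(img), claimed = rd32le(img + 4);
    size_t body = img_len - HDR_LEN;
    /* 1. Length field against the destination capacity. */
    if (claimed == 0 || claimed > SIG_MAX) return LOAD_BAD_SIG_LEN;
    /* 2. Length fields against the bytes actually supplied; subtraction form
     *    so that payload_len + claimed cannot wrap around. */
    if (payload_len > body || claimed > body - payload_len) return LOAD_BAD_LAYOUT;
    memcpy(sig, img + HDR_LEN + payload_len, claimed);
    *sig_len = claimed;
    return LOAD_OK;
}

/* Constructed sample: 16-byte payload, header claims `claimed` signature bytes,
 * image actually carries `present` signature bytes. Returns the loader verdict. */
int demo_case(uint32_t claimed, size_t present)
{
    static uint8_t img[HDR_LEN + 16 + 1024];
    uint8_t sig[SIG_MAX];
    uint32_t n = 0;
    if (present > 1024) return LOAD_TRUNCATED;   /* sample buffer limit */
    memset(img, 0xA5, sizeof img);               /* filler payload/signature bytes */
    memset(img, 0, HDR_LEN);
    img[0] = 16;                                 /* payload_len = 16 */
    for (int i = 0; i < 4; i++) img[4 + i] = (uint8_t)(claimed >> (8 * i));
    return load_signature(img, HDR_LEN + 16 + present, sig, &n);
}

int main(void) { return demo_case(256, 256) == LOAD_OK ? 0 : 1; }
```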
Frequently Asked Questions
What is CVE-2022-25334?
CVE-2022-25334 is a vulnerability in the Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) that allows a stack overflow by exploiting a lack of bounds check on the signature size field.
How does CVE-2022-25334 affect the TI OMAP L138 firmware?
CVE-2022-25334 affects the TI OMAP L138 firmware by allowing an attacker to cause a stack overflow, potentially affecting secure kernel data.
What is the severity of CVE-2022-25334?
The severity of CVE-2022-25334 is high, with a severity value of 8.2.
How can CVE-2022-25334 be exploited?
CVE-2022-25334 can be exploited by using a module with a sufficiently large signature field to trigger a stack overflow.
Is the TI OMAP L138 device vulnerable to CVE-2022-25334?
No, the TI OMAP L138 device is not vulnerable to CVE-2022-25334.