Vulnerabilities > CVE-2022-25332 - Information Exposure Through Discrepancy vulnerability in TI Omap L138 Firmware

047910
CVSS 4.1 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
high complexity
ti
CWE-203

Summary

The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).

Vulnerable Configurations

Part Description Count
OS
Ti
1
Hardware
Ti
1

Common Weakness Enumeration (CWE)