Vulnerabilities > Samsung > Mtower

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2022-36622 NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
network
low complexity
samsung CWE-476
7.5
2022-08-11 CVE-2022-38155 Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
network
low complexity
samsung CWE-770
7.5
2022-08-04 CVE-2022-35858 Memory Leak vulnerability in Samsung Mtower 0.3.0
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.
local
low complexity
samsung CWE-401
7.8