{"uuid": "e61f5fb5-9f30-4d7d-8343-4347a11601be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25332", "type": "seen", "source": "https://t.me/arpsyndicate/624", "content": "#ExploitObserverAlert\n\nGHSA-q84w-p2g5-rxw9\n\nDESCRIPTION: Exploit Observer has 3 entries related to GHSA-Q84W-P2G5-RXW9. The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.\n\nGHSS: 8.2", "creation_timestamp": "2023-11-28T00:57:29.000000Z"}