CVE-2022-38155 Information

Description

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

Reference

https://github.com/Samsung/mTower/blob/18f4b592a8a973ce5972f4e2658ea0f6e3686284/tee/lib/libutee/tee_api.c#L314 https://github.com/Samsung/mTower/issues/74