8.2

CVE-2022-27813

EPSS 0.05%
Veröffentlicht 19.10.2023 10:15:10
Zuletzt bearbeitet 21.11.2024 06:56:14
Quelle cert@ncsc.nl
CVE-Watchlists
Login
Unerledigt
Login

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Motorola ≫ Mtm5500 Firmware Version-

Motorola ≫ Mtm5500 Version-

Motorola ≫ Mtm5400 Firmware Version-

Motorola ≫ Mtm5400 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cert@ncsc.nl	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

https://tetraburst.com/

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2022-27813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27813

EUVD