CVE-2022-27813

EPSS 0.05%
Published 19.10.2023 10:15:10
Last modified 21.11.2024 06:56:14
Source cert@ncsc.nl
Teams watchlist Login
Open Login

Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Motorola ≫ Mtm5500 Firmware Version-

Motorola ≫ Mtm5500 Version-

Motorola ≫ Mtm5400 Firmware Version-

Motorola ≫ Mtm5400 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.138

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
cert@ncsc.nl	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges

The product allows address regions to overlap, which can result in the bypassing of intended memory protection.

https://tetraburst.com/

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2022-27813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27813

EUVD