Texas Instruments OMAP L138
Approved changes feed: RSS · Atom
cpe:2.3:h:ti:omap_l138:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Ti (2c4e43a5-e08a-542d-a02a-38c51c91aad1) |
|---|---|
| Product | Omap L138 (b293f2b9-9196-5ccd-b784-885ce3b95df3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-25334 |
not_vulnerable | 2026-06-03 14:46:37.567327 |
Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138
HIGH (8.2)
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
Published: 2023-10-19T09:36:09.230Z
Updated: 2024-08-03T04:36:06.873Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25333 |
not_vulnerable | 2026-06-03 14:46:37.567001 |
Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138
HIGH (8.2)
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture.
Published: 2023-10-19T09:35:03.919Z
Updated: 2024-08-03T04:36:06.868Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25332 |
not_vulnerable | 2026-06-03 14:46:37.566585 |
SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138
MEDIUM (4.4)
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).
Published: 2023-10-19T09:36:24.924Z
Updated: 2025-02-27T20:40:23.215Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.