CVE-2022-40279 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)

This issue has been fixed in Tizen 3.1_PRE, released on 4 September 2016. Samsung TizenRT versions 3.0_GBM and 3.1_PRE are affected. Samsung TizenRT versions 3.0_GBM and 3.1_PRE are affected. Firmware versions used: Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.3 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.2 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.1 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.0 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.0 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.0 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.0 Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.0 Tizen RT 3.1.1_PRE_A.0.250.201612

Type of Issue

This issue causes a crash when you try to load the Maps application on Tizen RT devices running firmware version 3.1.0_PRE_A.0.250.2016123112.1_PRE

Installation Instructions

Step 1: Download the firmware file
Step 2: Install the downloaded firmware on your device
Step 3: Reboot your device
The issue has been fixed in Tizen 3.1_PRE, released on 4 September 2016. Samsung TizenRT versions 3.0_GBM and 3.1_PRE are affected. Firmware versions used: Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE.3 Tizen RT 3.1.1_PRE_A.0.250.2016123112 .2 Tizen RT 3 .1 . 1 _ PRE _ A . 0 . 2 5 0 . 2 1 6 1 2 - 0 7 _ P R E

Installation and first boot phase of Tizen RT 3.1.1_PRE

Affected devices are installed properly but if restarted they automatically reboot back to the 'downloading' phase after ~12 hours of continuous operation and then shutdown permanently once the update is complete.
This issue has been fixed in Tizen 3.1_PRE, released on 4 September 2016. Samsung TizenRT versions 3.0_GBM and 3.1_PRE are affected. Samsung TizenRT versions 3.0_GBM and 3.1_PRE are affected. Firmware versions used: Tizen RT 3.1.1_PRE_A.0.250.2016123112.1_PRE

Vulnerabilities

Could Allow Unauthorized Access to Your Data
The following vulnerabilities have been found in the Samsung Tizen 3.1 RT platform and could allow unauthorized access to your data.
- CVE-2022-40279: SDK call authentication bypass
- CVE-2022-40280: MTP replay attack  These vulnerabilities affect the Samsung Tizen 3.1 RT platform versions 3.1.1_PRE_A.0.250.2016123112 for TizenRT and 3.0_GBM for Samsung TizenRT, which were released on 4 September 2016 and are used by Samsung devices with the following models: SM-T230, SM-T230NU, SM-T235NU, SM-T237NU, SM-T239NU, SM-T249NU, SM-T250NU, and more Samsung devices that use these versions of software.

Timeline

Published on: 09/29/2022 03:15:00 UTC
Last modified on: 09/30/2022 23:00:00 UTC

References

• https://github.com/Samsung/TizenRT/issues/5629
• https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181
• https://linux.die.net/man/3/pcap_dispatch
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40279