CVE-2022-25332— SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-25332
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138
Source: NVD (National Vulnerability Database)
Vulnerability Description
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Texas Instruments OMAP L138 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Texas Instruments OMAP L138是美国德州仪器(Texas Instruments)公司的一个DSP+ARM工业处理器。 Texas Instruments OMAP L138 (secure variants)存在安全漏洞,该漏洞源于ES 实现容易受到定时侧通道的影响,攻击者利用该漏洞可以通过管理缓存内容收集不同密文输入的定时信息来利用定时侧通道,使用此侧通道,SK_LOAD 安全内核例程可用于恢复客户加密密钥 (CEK)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Texas Instruments | OMAP | L138 | - |
II. Public POCs for CVE-2022-25332
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-25332
请登录查看更多情报信息。
Same Patch Batch · Texas Instruments · 2023-10-19 · 3 CVEs total
| CVE-2022-25334 | 8.2 HIGH | Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138 |
| CVE-2022-25333 | 8.2 HIGH | Flawed SK_LOAD module authenticity check in Texas Instruments OMAP L138 |
IV. Related Vulnerabilities
Same vendor: Texas Instruments
- CVE-2021-27504
Texas Instruments FREERTOS Integer Overflow or Wraparound - CVE-2021-27502
Texas Instruments TI-RTOS Integer Overflow or Wraparound - CVE-2021-22636
Texas Instruments TI-RTOS Integer Overflow or Wraparound - CVE-2021-27429
Texas Instruments TI-RTOS Integer Overflow or Wraparound - CVE-2022-25334
Stack overflow on SK_LOAD signature length field in Texas In
Same weakness: CWE-208
- CVE-2026-41588
RELATE: Timing Attack Vulnerability in course/auth.py — chec - CVE-2026-41161
Username Enumeration via Timing Attack - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-41407
OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret C
V. Comments for CVE-2022-25332
No comments yet