Double-fetch vulnerability in Trustlet allows arbitrary TEE code execution on Samsung mobile devices

Double-fetch vulnerability in Trustlet allows arbitrary TEE code execution on Samsung mobile devices

CVE-2019-20610 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

Learn more about our Cis Benchmark Audit For Mobile Devices.