Lucene search

K
cve[email protected]CVE-2022-33716
HistoryAug 05, 2022 - 4:15 p.m.

CVE-2022-33716

2022-08-0516:15:13
CWE-908
CWE-457
web.nvd.nist.gov
35
iccc ta
smr
aug-2022 release 1
cve-2022-33716
memory vulnerability
local attacker
nvd

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

Affected configurations

NVD
Node
googleandroidMatch11.0
OR
googleandroidMatch12.0

CNA Affected

[
  {
    "product": "Samsung Mobile Devices",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Aug-2022 Release 1",
        "status": "affected",
        "version": "R(11), S(12)",
        "versionType": "custom"
      }
    ]
  }
]

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for CVE-2022-33716