Lucene search

Samsung MobileCVELIST:CVE-2022-23428

HistoryFeb 11, 2022 - 5:40 p.m.

CVE-2022-23428

2022-02-1117:40:11

CWE-120

Samsung Mobile

www.cve.org

cve-2022-23428

boundary check

eden_runtime

memory write

code execution

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

Percentile

12.6%

JSON

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

CNA Affected

[
  {
    "product": "Samsung Mobile Devices with Exynos chipsets",
    "vendor": "Samsung Mobile",
    "versions": [
      {
        "lessThan": "SMR Feb-2022 Release 1",
        "status": "affected",
        "version": "Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=2

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-23428