Lucene search

Samsung MobileCVELIST:CVE-2022-39881

HistoryNov 09, 2022 - 12:00 a.m.

CVE-2022-39881

2022-11-0900:00:00

CWE-20

Samsung Mobile

www.cve.org

input validation

exynos modems

remote attacker

out of bounds memory

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Select devices using Exynos CP chipsets",
        "status": "affected",
        "lessThan": "SMR Nov-2022 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2022&month=11

5.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVELIST:CVE-2022-39881