CVE-2022-23999

PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent...

CVE-2022-23997

Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission...

CVE-2022-24000

PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent...

CVE-2022-23432

An improper input validation in SMCSRPMBWSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

Improper access control

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission...

Code injection

Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity...

Privilege escalation

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege...

Spoofing

PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent...

Input validation

An improper input validation in SMCSRPMBWSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

CVE-2022-23999

CVE-2022-23999 describes a PendingIntent hijacking vulnerability in Android’s CpaReceiver prior to Samsung SMR Feb-2022 Release 1, enabling local attackers to access media files via KnoxPrivacyNoticeReceiver through an implicit Intent. Affected component is the CpaReceiver/KnoxPrivacyNoticeReceiv...

CVE-2022-23432

CVE-2022-23432 records an improper input validation in the SMC_SRPMB_WSM handler of RPMB ldfw, before SMR Feb-2022 Release 1, that allows arbitrary memory writes and code execution. Affected: RPMB ldfw/SMSC SRPMB WSM handler (pre-Release 1 Feb-2022). Impact: local attacker could corrupt memory an...

CVE-2022-23431

An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution...

CVE-2022-23429

CVE-2022-23429 describes an improper boundary check in the Android audio HAL service prior to SMR Feb-2022 Release 1, allowing local attackers to read invalid memory and cause an application crash. In the provided connected records, the vulnerability is documented across multiple sources (NVD, Re...

CVE-2022-23427

PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent...

CVE-2022-22292

CVE-2022-22292 affects Samsung Telecom dynamic receiver functionality; an unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted apps to launch arbitrary activity. CVSSv3.1 basis: LOCAL, LOW privileges, HIGH impact on confidentiality/integrity, and HIGH impact on...

CVE-2022-22291

Technical details about CVE-2022-22291 are not publicly provided in the connected documents. Available sources summarize a logging-related information disclosure in Samsung telephony, but do not specify affected versions, root cause, exploit details, or patches; monitor for updates.