CVE-2022-22265 - An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release

CVE-2022-22265

Summary

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1

Vulnerable Configurations

cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*
cpe:2.3:h:samsung:exynos:-:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 27-06-2023 - 19:03)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

Last major update

27-06-2023 - 19:03

Published

10-01-2022 - 14:12

Last modified

27-06-2023 - 19:03