7.8
CVE-2022-22265
- EPSS 0.16%
- Veröffentlicht 10.01.2022 14:12:35
- Zuletzt bearbeitet 30.10.2025 15:37:18
- Quelle mobile.security@samsung.com
- CVE-Watchlists
- Unerledigt
LoginAn improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
18.09.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Samsung Mobile Devices Use-After-Free Vulnerability
SchwachstelleSamsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.373 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| mobile.security@samsung.com | 5 | 0.8 | 3.7 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
|
CWE-703 Improper Check or Handling of Exceptional Conditions
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.