ID

VAR-202201-1001


CVE

CVE-2022-22265


TITLE

Android  Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002961

DESCRIPTION

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Android Exists in a vulnerability in handling exceptional conditions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung NPU driver is a neural network processor for Samsung mobile devices. There is an exception handling error vulnerability in the Samsung NPU driver. This vulnerability originates from the error checking or handling of exceptions in the NPU driver. An attacker can use this vulnerability to execute arbitrary code

Trust: 2.25

sources: NVD: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-95326

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:12.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:10.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:9.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:11.0

Trust: 1.0

vendor:googlemodel:androidscope:eqversion: -

Trust: 0.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:samsungmodel:mobile devices rscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices qscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices pscope: - version: -

Trust: 0.6

vendor:samsungmodel:mobile devices sscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2023-95326 // JVNDB: JVNDB-2022-002961 // NVD: CVE-2022-22265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22265
value: HIGH

Trust: 1.0

mobile.security@samsung.com: CVE-2022-22265
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-22265
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-95326
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-614
value: HIGH

Trust: 0.6

VULMON: CVE-2022-22265
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22265
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2023-95326
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22265
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2022-22265
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.8
impactScore: 3.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-22265
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265 // NVD: CVE-2022-22265

PROBLEMTYPE DATA

problemtype:CWE-703

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002961 // NVD: CVE-2022-22265

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-614

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-614

PATCH

title:top pageurl:https://www.android.com/

Trust: 0.8

title:Patch for Samsung NPU driver exception handling error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/355491

Trust: 0.6

title:Samsung NPU driver Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=178081

Trust: 0.6

title:Cybersecurity Vulnerability and Exposure Reporturl:https://github.com/oxMdee/Cybersecurity-Vulnerability-and-Exposure-Report

Trust: 0.1

title:Linux Kernel Exploitationurl:https://github.com/xairy/linux-kernel-exploitation

Trust: 0.1

title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614

EXTERNAL IDS

db:NVDid:CVE-2022-22265

Trust: 3.9

db:JVNDBid:JVNDB-2022-002961

Trust: 0.8

db:CNVDid:CNVD-2023-95326

Trust: 0.6

db:CNNVDid:CNNVD-202201-614

Trust: 0.6

db:VULMONid:CVE-2022-22265

Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265

REFERENCES

url:https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-22265

Trust: 2.0

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/oxmdee/cybersecurity-vulnerability-and-exposure-report

Trust: 0.1

url:https://github.com/xairy/linux-kernel-exploitation

Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265

SOURCES

db:CNVDid:CNVD-2023-95326
db:VULMONid:CVE-2022-22265
db:JVNDBid:JVNDB-2022-002961
db:CNNVDid:CNNVD-202201-614
db:NVDid:CVE-2022-22265

LAST UPDATE DATE

2024-08-14T14:25:04.095000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-95326date:2023-12-05T00:00:00
db:VULMONid:CVE-2022-22265date:2023-06-27T00:00:00
db:JVNDBid:JVNDB-2022-002961date:2023-01-31T06:17:00
db:CNNVDid:CNNVD-202201-614date:2023-06-28T00:00:00
db:NVDid:CVE-2022-22265date:2023-06-27T19:03:49.690

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-95326date:2022-10-12T00:00:00
db:VULMONid:CVE-2022-22265date:2022-01-10T00:00:00
db:JVNDBid:JVNDB-2022-002961date:2023-01-31T00:00:00
db:CNNVDid:CNNVD-202201-614date:2022-01-10T00:00:00
db:NVDid:CVE-2022-22265date:2022-01-10T14:12:35.837