Details of VAR-202201-1001

ID

VAR-202201-1001

CVE

CVE-2022-22265

TITLE

Android Vulnerability in handling exceptional conditions in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002961

DESCRIPTION

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Android Exists in a vulnerability in handling exceptional conditions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Samsung NPU driver is a neural network processor for Samsung mobile devices. There is an exception handling error vulnerability in the Samsung NPU driver. This vulnerability originates from the error checking or handling of exceptions in the NPU driver. An attacker can use this vulnerability to execute arbitrary code

Trust: 2.25

sources: NVD: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-95326

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-95326 // JVNDB: JVNDB-2022-002961 // NVD: CVE-2022-22265

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22265
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22265
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-22265
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2023-95326
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202201-614
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-22265
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22265
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2023-95326
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22265
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-22265
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	0.8
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22265
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265 // NVD: CVE-2022-22265

PROBLEMTYPE DATA

problemtype:	CWE-703	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002961 // NVD: CVE-2022-22265

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-614

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-614

PATCH

title:	top page	url:	https://www.android.com/	Trust: 0.8
title:	Patch for Samsung NPU driver exception handling error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355491	Trust: 0.6
title:	Samsung NPU driver Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=178081	Trust: 0.6
title:	Cybersecurity Vulnerability and Exposure Report	url:	https://github.com/oxMdee/Cybersecurity-Vulnerability-and-Exposure-Report	Trust: 0.1
title:	Linux Kernel Exploitation	url:	https://github.com/xairy/linux-kernel-exploitation	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22265	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-002961	Trust: 0.8
db:	CNVD	id:	CNVD-2023-95326	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-614	Trust: 0.6
db:	VULMON	id:	CVE-2022-22265	Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=1	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22265	Trust: 2.0
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/oxmdee/cybersecurity-vulnerability-and-exposure-report	Trust: 0.1
url:	https://github.com/xairy/linux-kernel-exploitation	Trust: 0.1

sources: CNVD: CNVD-2023-95326 // VULMON: CVE-2022-22265 // JVNDB: JVNDB-2022-002961 // CNNVD: CNNVD-202201-614 // NVD: CVE-2022-22265

SOURCES

db:	CNVD	id:	CNVD-2023-95326
db:	VULMON	id:	CVE-2022-22265
db:	JVNDB	id:	JVNDB-2022-002961
db:	CNNVD	id:	CNNVD-202201-614
db:	NVD	id:	CVE-2022-22265

LAST UPDATE DATE

2024-08-14T14:25:04.095000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-95326	date:	2023-12-05T00:00:00
db:	VULMON	id:	CVE-2022-22265	date:	2023-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-002961	date:	2023-01-31T06:17:00
db:	CNNVD	id:	CNNVD-202201-614	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-22265	date:	2023-06-27T19:03:49.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-95326	date:	2022-10-12T00:00:00
db:	VULMON	id:	CVE-2022-22265	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002961	date:	2023-01-31T00:00:00
db:	CNNVD	id:	CNNVD-202201-614	date:	2022-01-10T00:00:00
db:	NVD	id:	CVE-2022-22265	date:	2022-01-10T14:12:35.837