Details of VAR-202203-0322

ID

VAR-202203-0322

CVE

CVE-2022-25822

TITLE

Google of Android Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006571

DESCRIPTION

An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Google of Android Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. Samsung sdp driver is a digital presenter driver for Samsung mobile devices. There is a denial of service vulnerability in the Samsung sdp driver. The vulnerability results from the confusion of the program's instructions responsible for releasing memory. An attacker could exploit this vulnerability to cause a kernel crash

Trust: 2.16

sources: NVD: CVE-2022-25822 // JVNDB: JVNDB-2022-006571 // CNVD: CNVD-2023-73911

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-73911

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	12.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.8
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.8
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices s	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-73911 // JVNDB: JVNDB-2022-006571 // NVD: CVE-2022-25822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25822
value:	MEDIUM
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25822
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-25822
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-73911
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202203-860
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-25822
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2023-73911
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25822
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	3.6
version:	3.1
Trust: 1.0
mobile.security@samsung.com:	CVE-2022-25822
baseSeverity:	MEDIUM
baseScore:	4.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.5
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-25822
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-73911 // JVNDB: JVNDB-2022-006571 // CNNVD: CNNVD-202203-860 // NVD: CVE-2022-25822 // NVD: CVE-2022-25822

PROBLEMTYPE DATA

problemtype:	CWE-362	Trust: 1.0
problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-006571 // NVD: CVE-2022-25822

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-860

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202203-860

PATCH

title:	Patch for Samsung sdp driver denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/355771	Trust: 0.6
title:	Samsung sdp driver Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186076	Trust: 0.6

sources: CNVD: CNVD-2023-73911 // CNNVD: CNNVD-202203-860

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25822	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-006571	Trust: 0.8
db:	CNVD	id:	CNVD-2023-73911	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-860	Trust: 0.6

sources: CNVD: CNVD-2023-73911 // JVNDB: JVNDB-2022-006571 // CNNVD: CNNVD-202203-860 // NVD: CVE-2022-25822

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2022&month=3	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25822	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2022-25822/	Trust: 0.6

sources: CNVD: CNVD-2023-73911 // JVNDB: JVNDB-2022-006571 // CNNVD: CNNVD-202203-860 // NVD: CVE-2022-25822

SOURCES

db:	CNVD	id:	CNVD-2023-73911
db:	JVNDB	id:	JVNDB-2022-006571
db:	CNNVD	id:	CNNVD-202203-860
db:	NVD	id:	CVE-2022-25822

LAST UPDATE DATE

2024-08-14T14:02:44.374000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-73911	date:	2023-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-006571	date:	2023-07-06T08:10:00
db:	CNNVD	id:	CNNVD-202203-860	date:	2022-03-17T00:00:00
db:	NVD	id:	CVE-2022-25822	date:	2022-03-16T03:35:08.717

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-73911	date:	2022-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-006571	date:	2023-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202203-860	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2022-25822	date:	2022-03-10T17:47:21.933