← back
CVE-2022-22265

CVE-2022-22265

CVSS 5 MEDIUMEPSS 0.4%● KEVCWE-703
In short

The NPU driver fails to properly validate exceptional conditions, allowing an attacker to write arbitrary data to memory and execute malicious code on the system.

Technical detail

A missing or insufficient exception handling mechanism in the NPU driver prior to SMR Jan-2022 Release 1 permits arbitrary memory write operations that can be leveraged to achieve code execution. The vulnerability requires local access to interact with the driver but does not require elevated privileges.

Summary generated and translated by AI from the official description.
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22265