CVE-2022-22265 in Google and Samsung Products
Published on January 10, 2022
Known Exploited Vulnerability
This Samsung Mobile Devices Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
The following remediation steps are recommended / required by October 9, 2023: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2022-22265 can be exploited with local system access, and requires user interaction and a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be low, with a small impact on confidentiality, integrity, and availability.
Weakness Type
Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
Products Associated with CVE-2022-22265
stack.watch emails you whenever new vulnerabilities are published in Google Android or Samsung Mobile Devices.
Affected Versions
Samsung Mobile Devices: versions O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0) and below SMR Jan-2022 Release 1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.