CVE-2022-22264 — Improper Input Validation in Mobile Devices

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.1HIGHNVD

CNA7.7

EPSS

0.0%

top 96.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedJan 10

Latest updateJan 11

Description

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesQ(10.0), R(11.0), S(12.0) — SMR Jan-2022 Release 1

▶NVDgoogle/android10.0, 11.0, 12.0+2

🔴Vulnerability Details

GHSA

GHSA-hg8f-7r33-vp6x: Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without↗2022-01-11

▶

CVEList

CVE-2022-22264: Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without↗2022-01-07

▶