CVE-2022-22265
Published 2022-01-10
CVE-2022-22265: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
Priority: P181 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV) · due 2023-10-09
Exploited in the wild (ITW)
EPSS: 0.39% (31.0th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0) < SMR Jan-2022 Release 1 | SMR Jan-2022 Release 1 |
Detection & IOCs (extracted from sources)
- Target is the NPU (Neural Processing Unit) driver on Samsung Mobile Devices with selected Exynos chipsets; look for anomalous kernel-level memory write operations or unexpected code execution originating from the NPU driver context.
- Vulnerability class is use-after-free in the NPU driver; monitor for use-after-free exploitation patterns (e.g., heap spray, dangling pointer dereference) targeting Samsung Exynos chipset kernel drivers.
- Vulnerability affects Samsung Mobile Devices with selected Exynos chipsets only; not all Samsung devices are impacted. Scope detection to Exynos-based models running firmware prior to SMR Jan-2022 Release 1.
- CISA KEV listing confirms active exploitation in the wild; treat unpatched Exynos devices as high-priority remediation targets with a CISA-mandated remediation due date of 2023-10-09.
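CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | | 5.0 | MEDIUM | |
| cisa | | 7.8 | HIGH | |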
GHSA
GHSA-9fvj-4grr-mv9j: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution
ghsa_unreviewed·2022-01-11
CVE-2022-22265 [HIGH] CWE-703 GHSA-9fvj-4grr-mv9j: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution
VulnCheck
Samsung Mobile Devices Use-After-Free Vulnerability
vulncheck·2022·CVSS 5.0
CVE-2022-22265 [MEDIUM] CWE-703 Samsung Mobile Devices Use-After-Free Vulnerability
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
Affected: Samsung Mobile Devices
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-22265.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-10-09
Project0
Project Zero RCA: CVE-2022-22265: Samsung NPU device driver double free in Android
project_zero·CVSS 5.0
CVE-2022-22265 [MEDIUM] Project Zero RCA: CVE-2022-22265: Samsung NPU device driver double free in Android
# CVE-2022-22265: Samsung NPU device driver double free in Android
Xingyu Jin, Android Security Research
## The Basics
**Disclosure or Patch Date:** Jan 01, 2022
**Product:** Samsung Android
**Advisory:** https://security.samsungmobile.com/securityUpdate.smsb
**Affected Versions:** Samsung Exynos with NPU, pre SMR-Jan-2022
**First Patched Version:** SMR-Jan-2022
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Seonung Jang of STEALIEN
## The Code
**Proof-of-concept:** N/A
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analysis?** Yes
## The Vulnerability
**Bug class:** Double free
**Vulnerability details:**
There is a double free vulnerability in the Samsung NPU (`/dev/vertex10`) on the formats
CISA
Samsung Mobile Devices Use-After-Free Vulnerability
cisa·2023-09-18·CVSS 7.8
CVE-2022-22265 [HIGH] CWE-703 Samsung Mobile Devices Use-After-Free Vulnerability
Vulnerability: Samsung Mobile Devices Use-After-Free Vulnerability
Affected: Samsung Mobile Devices
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1; https://nvd.nist.gov/vuln/detail/CVE-2022-22265
Remediation Due Date: 2023-10-09
2022-01-10: Published
2023-09-18: Added to CISA KEV
Exploited in the wild