⚠ Actively exploited
Added to CISA KEV on 2023-09-18. Federal agencies required to patch by 2023-10-09. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2022-22265: Improper Check or Handling of Exceptional Conditions in Mobile Devices

Severity: 7.8 HIGH (NVD); CNA 5.0; VulnCheck 5.0
EPSS: 0.2% (top 59.71%)
CISA KEV: Added 2023-09-18; Due 2023-10-09
Exploit: Exploited in wild; active exploitation observed
Timeline: Published Jan 10; KEV added Sep 18; KEV due Oct 9

Description

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | samsung_mobile/samsung_mobile_devices | O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0) | SMR Jan-2022 Release 1
NVD | google/android | 4 versions +3

🔴 Vulnerability Details (4)

GHSA: GHSA-9fvj-4grr-mv9j: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution (2022-01-11)
CVEList: CVE-2022-22265: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution (2022-01-07)
VulnCheck: Samsung Mobile Devices Use-After-Free Vulnerability (2022)
Project0: Project Zero RCA: CVE-2022-22265: Samsung NPU device driver double free in Android

📋 Vendor Advisories (1)

CISA: Samsung Mobile Devices Use-After-Free Vulnerability (2023-09-18)