CVE-2022-28793: Improper Check for Unusual or Exceptional Conditions in Mobile Devices

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.1% (top 80.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 3
Latest update: May 4

Description

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (1 package)

CVEListV5: samsung_mobile/samsung_mobile_devices-Galaxy S22

Vulnerability Details (2)

GHSA
GHSA-cx8v-4599-xpcf (2022-05-04): Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during dev
CVEList
CVE-2022-28793 (2022-05-03): Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during dev