CVE-2022-33717 — Out-of-bounds Read in Mobile Devices

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 96.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung Mobile Devices Google Android

Timeline

PublishedAug 5

Latest updateAug 6

Description

A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5samsung_mobile/samsung_mobile_devicesR(11), S(12) — SMR Aug-2022 Release 1

▶NVDgoogle/android11.0, 12.0+1

🔴Vulnerability Details

GHSA

GHSA-8qhq-h248-mjq4: A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory↗2022-08-06

▶

CVEList

CVE-2022-33717: A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory↗2022-08-05

▶