CVE-2022-28793 - Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Galaxy S22 Firmware

CVSS 4.4 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Tags: local, low complexity, samsung, CWE-754

Summary

Improper state maintenance in StrongBox allows an attacker who has already compromised and controls the TEE to change the Android Root of Trust (ROT) during the device boot cycle. The patch, applied in Galaxy S22, prevents the Android ROT from being changed after its first initialization at boot time.

Vulnerable Configurations

Part      Description  Count
OS        Samsung      1
Hardware  Samsung      1