← Voltar para CVEs
CVE-2022-28793
MEDIUM4.4
Descricao
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
Detalhes CVE
Pontuacao CVSS v3.14.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado5/3/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
samsung:galaxy_s22samsung:galaxy_s22_firmware
Fraquezas (CWE)
CWE-754CWE-754
Referencias
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5(mobile.security@samsung.com)
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.