Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2022-28793 | First vendor Publication | 2022-05-03 |
| Vendor | Cve | Last vendor Modification | 2022-05-11 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 4.4 | ||
| Base Score | 4.4 | Environmental Score | 4.4 |
| impact SubScore | 3.6 | Temporal Score | 4.4 |
| Exploitabality Sub Score | 0.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | High | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28793 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Sources (Detail)
| Source | Url |
|---|---|
| MISC | https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 |
Alert History
| Date | Informations |
|---|---|
| 2022-05-11 21:22:57 |
|
| 2022-05-04 17:22:57 |
|
| 2022-05-04 00:22:55 |
|
