How severe is CVE-2022-22265?

CVE-2022-22265 has a CVSS v3 score of 5 (MEDIUM).

CVE-2022-22265

Name: exynos
Author: samsung

5.0MEDIUM

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

Veröffentlicht: 1/10/2022Aktualisiert: 10/30/2025

CISA Bekannte Ausgenutzte Schwachstelle

Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.

Erforderliche Maßnahme:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Fälligkeitsdatum:

2023-10-09

Beschreibung

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

KI-AnalyseKI-gestützt

Betroffene Produkte

googleandroid

9.0

googleandroid

10.0

googleandroid

11.0

googleandroid

12.0

samsungexynos

Referenzen

https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1
Vendor Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22265
US Government Resource