CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.

CVSS v3 4.4 MEDIUM
CVSS v2.0 2.1 LOW

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:samsung:galaxy_s22_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s22:-:*:*:*:*:*:*:*

History

11 May 2022, 17:56

Type	Values Removed	Values Added
First Time		Samsung Samsung galaxy S22 Firmware Samsung galaxy S22
CPE		cpe:2.3:o:samsung:galaxy_s22_firmware:-:::::::* cpe:2.3:h:samsung:galaxy_s22:-:::::::*
References	~~(MISC) https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 -~~	(MISC) https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5 - Vendor Advisory
CWE		CWE-754
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.4

03 May 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-03 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-28793

Mitre link : CVE-2022-28793

CVE.ORG link : CVE-2022-28793

JSON object : View

Products Affected

samsung

galaxy_s22_firmware
galaxy_s22

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

{"id": "CVE-2022-28793", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "mobile.security@samsung.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2022-05-03T20:15:09.803", "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=5", "tags": ["Vendor Advisory"], "source": "mobile.security@samsung.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}, {"type": "Secondary", "source": "mobile.security@samsung.com", "description": [{"lang": "en", "value": "CWE-754"}]}], "descriptions": [{"lang": "en", "value": "Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time."}, {"lang": "es", "value": "Dado que el TEE est\u00e1 comprometido y controlado por el atacante, un mantenimiento inapropiado del estado en StrongBox permite a atacantes cambiar el ROT de Android durante el ciclo de arranque del dispositivo despu\u00e9s de comprometer el TEE. El parche es aplicado en el Galaxy S22 para evitar el cambio del ROT de Android despu\u00e9s de la primera inicializaci\u00f3n en el arranque"}], "lastModified": "2022-05-11T17:56:00.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s22_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "033A5F31-7E59-49EE-8C57-F40844AFEE90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s22:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C291A489-9D53-4706-B84D-15DEED0E41C9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "mobile.security@samsung.com"}