CVE-2022-28793
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices | - < Galaxy S22 | affected |
Weaknesses
- CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.