CVE-2022-28793

Summary

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile Devices- < Galaxy S22affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CVE Program Container

Additional References

References