Security Flaw in Bixby Routines Affects Android Devices
CVE-2022-22286

4.4MEDIUM

Key Information:

Vendor: Samsung
Status: Bixby Routines
Vendor: CVE Published:; 10 January 2022

What is CVE-2022-22286?

A security vulnerability exists in Bixby Routines that allows attackers to exploit PendingIntent functionality. This flaw enables privileged actions to be executed by modifying the intent, which can lead to unauthorized access and manipulation of device functions in Android versions R (11.0) and Q (10.0). Users of Bixby Routines should ensure they are using the latest versions to mitigate potential risks.

Affected Version(s)

Bixby Routines - < 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0)

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2022
Vulnerability Reserved
Dec 30, 2021

JSON

Samsung

What is CVE-2022-22286?

Affected Version(s)

References

CVSS V3.1

Timeline