Improper Input Validation in RPMB LDFW by Samsung Mobile
CVE-2022-23432

6.4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices With Exynos Chipsets
Vendor: CVE Published:; 11 February 2022

What is CVE-2022-23432?

An improper input validation vulnerability exists in the SMC_SRPMB_WSM handler of the RPMB LDFW prior to the SMR February 2022 Release 1. This flaw could allow an attacker to exploit the vulnerability by performing arbitrary memory writes, potentially leading to unauthorized code execution within affected devices. Users should ensure their devices are updated to the latest firmware to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

Samsung Mobile Devices with Exynos chipsets P(9.0), Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2022
Vulnerability Reserved
Jan 18, 2022